Bug 13181

Summary: elfutils new security issue CVE-2014-0172
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: mageia, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/595046/
Whiteboard: MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Source RPM: elfutils-0.157-3.mga4.src.rpm CVE:
Status comment:

Description David Walser 2014-04-09 20:32:13 CEST 
Details on a security issue in elfutils were released today (April 9):
http://openwall.com/lists/oss-security/2014/04/09/12

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated elfutils packages fix security vulnerability:

The libdw library provides support for accessing DWARF debugging information
inside ELF files. An integer overflow flaw in check_section(), leading to a
heap-based buffer overflow, was found in the libdw library. A malicious ELF
file could cause an application using libdw (such as eu-readelf) to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application (CVE-2014-0172).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0172
https://bugzilla.redhat.com/show_bug.cgi?id=1085663
========================

Updated packages in core/updates_testing:
========================
elfutils-0.155-2.1.mga3
libelfutils-devel-0.155-2.1.mga3
libelfutils-static-devel-0.155-2.1.mga3
libelfutils1-0.155-2.1.mga3
elfutils-0.157-3.1.mga4
libelfutils-devel-0.157-3.1.mga4
libelfutils-static-devel-0.157-3.1.mga4
libelfutils1-0.157-3.1.mga4

from SRPMS:
elfutils-0.155-2.1.mga3.src.rpm
elfutils-0.157-3.1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-04-09 20:32:19 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 claire robinson 2014-04-14 18:56:30 CEST 
No PoC.

Easy to test. It dumps pages of gobbledegook.
Find commands available in the package..
$ urpmf elfutils | grep bin

Test using one of them..

$ eu-objdump -s /usr/bin/eu-objdump

/usr/bin/eu-objdump: elf32-elf_i386

Contents of section .interp:
 0000 2f6c6962 2f6c642d 6c696e75 782e736f  /lib/ld-linux.so
 0010 2e3200                               .2.

Contents of section .init:
 0000 5383ec08 e88b0500 0081c30b 6100008b  S...........a...
 0010 83f4ffff ff85c074 05e8c601 000083c4  .......t........
 0020 085bc3      
...etc.

Whiteboard: MGA3TOO => MGA3TOO has_procedure

Comment 2 claire robinson 2014-04-14 19:00:07 CEST 
Testing complete mga3 32 and mga4 32 & 64.

Needs testing mga3 64 to validate.

Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-32-ok mga4-32-ok mga4-64-ok

Comment 3 claire robinson 2014-04-14 19:16:56 CEST 
Advisory uploaded.

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2014-04-16 14:26:29 CEST 
Testing complete mga3 64

Validating. Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure advisory mga3-32-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Colin Guthrie 2014-04-16 15:19:50 CEST 
Update pushed: http://advisories.mageia.org/MGASA-2014-0177.html

Status: NEW => RESOLVED
CC: (none) => mageia
Resolution: (none) => FIXED

David Walser 2014-04-17 00:13:45 CEST

URL: (none) => http://lwn.net/Vulnerabilities/595046/