Bug 14240

Summary: suricata new security issue CVE-2014-6603
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Daniel Lucio <luis.daniel.lucio>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: guillomovitch, pterjan
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/615073/
Whiteboard:
Source RPM: suricata-2.0.2-3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2014-10-06 19:28:14 CEST 
Fedora has issued an advisory on September 25:
https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139821.html

The issue is fixed upstream in 2.0.4.

The initial report says that versions older than 2.0.3 *may* be affected, but I haven't seen a clarification as to whether they are:
http://seclists.org/fulldisclosure/2014/Sep/79

Reproducible: 

Steps to Reproduce:
David Walser 2014-10-06 19:28:36 CEST

CC: (none) => guillomovitch, pterjan
Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 David Walser 2014-10-06 21:40:22 CEST 
Guillaume fixed this in Cauldron with suricata-2.0.4-1.mga5.  Thanks Guillaume!

We might need more investigation to see if 1.4.x in Mageia 3 and 4 are affected, or we could just update it if it's OK to do so.

Version: Cauldron => 4
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO

Comment 2 Pascal Terjan 2014-10-06 22:29:12 CEST 
Reading the code in 1.4 and 1.4.7 they don't seem affected as they don't use "\r" to find the end of the string, they just discard it if the version ends up finishing with it.
I'll try to get some upstream confirmation.
Comment 3 Pascal Terjan 2014-10-06 22:45:12 CEST 
Got confirmation that 1.4 is fine https://twitter.com/Regiteric/status/519226322166763520
Comment 4 David Walser 2014-10-06 22:50:32 CEST 
Thanks Pascal!

Status: NEW => RESOLVED
Version: 4 => Cauldron
Resolution: (none) => FIXED
Whiteboard: MGA3TOO => (none)