Bug 15173

Summary: perl-Gtk2 possible security issue from memory management bug
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: olchal, sysadmin-bugs, thierry.vignaud
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/633094/
Whiteboard: has_procedure advisory MGA4-64-OK MGA4-32-OK
Source RPM: perl-Gtk2-1.249.200-5.mga5.src.rpm CVE:
Status comment:
Attachments: perl-Gtk2 script files

Description David Walser 2015-01-31 18:39:38 CET 
As Thierry pointed out on the dev mailing list, there's a memory management bug that was fixed in perl-Gtk2 1.2495:
http://cpansearch.perl.org/src/XAOC/Gtk2-1.2495/NEWS

He forwarded an e-mail from the gtk-perl-list@gnome.org list that addressed the possible security implications.  The response was rather unfortunate, as this is how we end up with things like GHOST, but I digress...

https://www.mail-archive.com/gtk-perl-list@gnome.org/msg07796.html

So we should update Mageia 4 and Cauldron to 1.2495.

Reproducible: 

Steps to Reproduce:
David Walser 2015-01-31 18:39:57 CET

Whiteboard: (none) => MGA4TOO

Comment 1 David Walser 2015-02-04 13:39:55 CET 
Updated packages uploaded for Mageia 4 and Cauldron by tv.

perl-Gtk2-1.249.500-2.mga4
perl-Gtk2-doc-1.249.500-2.mga4

from perl-Gtk2-1.249.500-2.mga4.src.rpm

Assigning to QA.  Advisory to come later.  For now, see the upstream NEWS file.

CC: (none) => thierry.vignaud
Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA4TOO => (none)
Version: Cauldron => 4

Comment 2 olivier charles 2015-02-05 22:59:15 CET 
Created attachment 5860 [details]
perl-Gtk2 script files


5 perl-Gtk2 script files I used for my test.

They were found here :

http://www.drdobbs.com/web-development/programming-graphical-applications-with/184416060?pgno=1

CC: (none) => olchal

Comment 3 olivier charles 2015-02-05 23:02:04 CET 
Testing on Mageia4x64 real hardware using script files in Comment 2
Did not find any PoC

From current package :
--------------------
perl-Gtk2-1.249.0-2.mga4

To updated package :
------------------
perl-Gtk2-1.249.500-2.mga4.x86_64

Perl-Gtk2 scripts ran well with both versions.

Whiteboard: (none) => MGA4-64-OK

claire robinson 2015-02-09 20:01:04 CET

Whiteboard: MGA4-64-OK => has_procedure MGA4-64-OK

Comment 4 David Walser 2015-02-10 14:18:35 CET 
The seven programs from the Dr. Dobbs article work fine on Mageia 4 i586.

Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA4-32-OK

Comment 5 claire robinson 2015-02-11 12:50:40 CET 
Need an advisory for this one please David.
Comment 6 David Walser 2015-02-11 13:04:26 CET 
Advisory:
========================

Updated perl-Gtk2 packages fix security vulnerability:

Incorrect memory management in Gtk2::Gdk::Display::list_devices in perl-Gtk2
before 1.2495, where, the code was freeing memory that gtk+ still holds onto
and might access later.

The perl-Gtk2 package has been updated to version 1.2495 to fix this issue and
other bugs.

References:
https://www.mail-archive.com/gtk-perl-list@gnome.org/msg07793.html
http://cpansearch.perl.org/src/XAOC/Gtk2-1.2495/NEWS
Comment 7 claire robinson 2015-02-11 13:17:09 CET 
Thanks. Validating.

Advisory uploaded.

Please push to 4 updates

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2015-02-11 21:48:33 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0059.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-02-12 16:36:50 CET

URL: (none) => http://lwn.net/Vulnerabilities/633094/

Comment 9 David Walser 2015-03-12 22:51:33 CET 
A CVE was requested for this, but it's unclear whether one is appropriate.  MITRE cited our bug in the discussion:
http://openwall.com/lists/oss-security/2015/03/12/12