Bug 15259

Summary: Update request: glibc-2.18-9.9.mga4
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: olchal, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/633832/
Whiteboard: has_procedure advisory MGA4-32-OK mga4-64-ok
Source RPM: glibc-2.18-9.9.mga4.src.rpm CVE:
Status comment:

Description Thomas Backlund 2015-02-10 21:23:59 CET 
Advisory:

Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).

The incorrect use of "__libc_use_alloca (newsize)" caused a different
(and weaker) policy to be enforced which could allow a denial of service
attack (CVE-2015-1473).

Reference:
http://www.openwall.com/lists/oss-security/2015/02/04/1

SRPM:
glibc-2.18-9.9.mga4.src.rpm

i586:
glibc-2.18-9.9.mga4.i586.rpm
glibc-devel-2.18-9.9.mga4.i586.rpm
glibc-doc-2.18-9.9.mga4.noarch.rpm
glibc-i18ndata-2.18-9.9.mga4.i586.rpm
glibc-profile-2.18-9.9.mga4.i586.rpm
glibc-static-devel-2.18-9.9.mga4.i586.rpm
glibc-utils-2.18-9.9.mga4.i586.rpm
nscd-2.18-9.9.mga4.i586.rpm


x86_64:
glibc-2.18-9.9.mga4.x86_64.rpm
glibc-devel-2.18-9.9.mga4.x86_64.rpm
glibc-doc-2.18-9.9.mga4.noarch.rpm
glibc-i18ndata-2.18-9.9.mga4.x86_64.rpm
glibc-profile-2.18-9.9.mga4.x86_64.rpm
glibc-static-devel-2.18-9.9.mga4.x86_64.rpm
glibc-utils-2.18-9.9.mga4.x86_64.rpm
nscd-2.18-9.9.mga4.x86_64.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-10 21:54:57 CET 
Had this running on my 6 machines that I tested the kernel on since the weekend or yesterday.  No general regressions.

PoC for the security issue here:
https://sourceware.org/bugzilla/show_bug.cgi?id=16618

Compile the program in the bug report there as follows:
gcc scan.c -std=c99

Then run the program:
./a.out

Before the glibc update it gives an error output due to the free() call.  After it gives no output.

Testing complete Mageia 4 i586.

Whiteboard: (none) => has_procedure MGA4-32-OK

Comment 2 claire robinson 2015-02-13 13:29:55 CET 
Performed two installations one x86_64 and one i586 with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time. 

Also tested PoC 64bit.

All Ok.

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok

Comment 3 claire robinson 2015-02-13 19:09:46 CET 
Advisory uploaded.

Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok

Comment 4 Thomas Backlund 2015-02-13 19:32:30 CET 
Running fine on 3 live x86_64 systems here
Comment 5 olivier charles 2015-02-14 12:11:43 CET 
Testing on Mageia4x32 real hardware (intel core i3, 8 Series/C220 Series Chipset, nvidia GTX750)

glibc-2.18-9.9.mga4

with latest kernel-desktop, dbus and x11-server

OK

CC: (none) => olchal

Comment 6 claire robinson 2015-02-17 18:10:11 CET 
Validating.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-02-17 19:39:00 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0072.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-02-18 23:08:43 CET

URL: (none) => http://lwn.net/Vulnerabilities/633832/