Bug 15804

Summary: libtasn1 new security issue fixed upstream in 4.5 (CVE-2015-3622)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/643577/
Whiteboard: has_procedure advisory MGA4-32-OK mga4-64-ok
Source RPM: libtasn1-4.2-3.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-04-30 18:41:46 CEST 
A CVE was requested (though it could have been more explicit) for a heap overflow issue fixed in libtasn1:
http://openwall.com/lists/oss-security/2015/04/30/3

Mageia 4 and Mageia 5 are affected.

Reproducible: 

Steps to Reproduce:
David Walser 2015-04-30 18:41:58 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-04-30 20:13:35 CEST 
CVE-2015-3622 has been assigned:
http://openwall.com/lists/oss-security/2015/04/30/6

Patches added in Mageia 4 and Cauldron SVN.  Freeze push requested.

Summary: libtasn1 new security issue fixed upstream in 4.5 => libtasn1 new security issue fixed upstream in 4.5 (CVE-2015-3622)

Comment 2 David Walser 2015-04-30 23:38:08 CEST 
Patched packages uploaded for Mageia 4 and Cauldron.

Note that there's a PoC linked from the post linked in Comment 0.

General Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=5128#c10

Advisory:
========================

Updated libtasn1 packages fix security vulnerability:

A malformed certificate input could cause a heap overflow read in the DER
decoding functions of Libtasn1. The heap overflow happens in the function
_asn1_extract_der_octet() (CVE-2015-3622).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
http://openwall.com/lists/oss-security/2015/04/30/6
========================

Updated packages in core/updates_testing:
========================
libtasn1_6-3.6-1.2.mga4
libtasn1-tools-3.6-1.2.mga4
libtasn1-devel-3.6-1.2.mga4

from libtasn1-3.6-1.2.mga4.src.rpm

Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => has_procedure

Comment 3 David Walser 2015-05-01 00:52:31 CEST 
General testing procedure runs fine for me on Mageia 4 i586.  I didn't test the PoC (needs to be tested with Address Sanitizer or valgrind).
Comment 4 David Walser 2015-05-05 16:56:41 CEST 
Marking as OK for me.  Someone else could try the PoC.

Whiteboard: has_procedure => has_procedure MGA4-32-OK

Comment 5 claire robinson 2015-05-06 19:03:31 CEST 
Testing complete mga4 64

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok

Comment 6 claire robinson 2015-05-06 19:33:28 CEST 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-05-06 19:44:37 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0200.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-07 16:36:10 CEST

URL: (none) => http://lwn.net/Vulnerabilities/643577/