Bug 16477

Summary: expat new security issue CVE-2015-1283
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, shlomif, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/652361/
Whiteboard: MGA4TOO MGA4-32-OK advisory MGA5-64-OK
Source RPM: expat-2.1.0-9.mga5.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 16444    

Description David Walser 2015-07-26 16:29:43 CEST 
Google has issued an advisory on July 21:
http://googlechromereleases.blogspot.cz/2015/07/stable-channel-update_21.html

The expat issue also affects the system version.

Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
========================

Updated expat package fixes security vulnerabilities:

Multiple integer overflows in the XML_GetBuffer function in Expat through
2.1.0 allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted XML data
(CVE-2015-1283).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
http://googlechromereleases.blogspot.cz/2015/07/stable-channel-update_21.html
========================

Updated packages in core/updates_testing:
========================
expat-2.1.0-7.1.mga4
libexpat1-2.1.0-7.1.mga4
libexpat-devel-2.1.0-7.1.mga4
expat-2.1.0-9.1.mga5
libexpat1-2.1.0-9.1.mga5
libexpat-devel-2.1.0-9.1.mga5

from SRPMS:
expat-2.1.0-7.1.mga4.src.rpm
expat-2.1.0-9.1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2015-07-26 16:30:30 CEST

Blocks: (none) => 16444

David Walser 2015-07-26 16:31:25 CEST

Whiteboard: (none) => MGA4TOO

Comment 1 Shlomi Fish 2015-07-26 17:33:19 CEST 
adding mga4-32-ok.

CC: (none) => shlomif
Whiteboard: MGA4TOO => MGA4TOO MGA4-32-OK

Comment 2 Samuel Verschelde 2015-07-27 10:56:56 CEST 
(In reply to Shlomi Fish from comment #1)
> adding mga4-32-ok.

Can you tell how you tested?
Comment 3 Samuel Verschelde 2015-07-27 10:58:01 CEST 
Embryo of procedure there: https://bugs.mageia.org/show_bug.cgi?id=5141#c7
Comment 4 Shlomi Fish 2015-07-27 11:40:22 CEST 
(In reply to Samuel VERSCHELDE from comment #2)
> (In reply to Shlomi Fish from comment #1)
> > adding mga4-32-ok.
> 
> Can you tell how you tested?

Yes, I tested the new chromium-browser with it and it seemed to work fine. That's what Luigi told me to mark it here.
Dave Hodgins 2015-07-27 15:55:30 CEST

CC: (none) => davidwhodgins
Whiteboard: MGA4TOO MGA4-32-OK => MGA4TOO MGA4-32-OK advisory

Comment 5 Dave Hodgins 2015-07-27 16:06:45 CEST 
Testing complete. Validating the update.

Keywords: (none) => validated_update
Whiteboard: MGA4TOO MGA4-32-OK advisory => MGA4TOO MGA4-32-OK advisory MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2015-07-27 19:18:59 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0285.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED