Bug 17328

Summary: quassel new security issue CVE-2015-8547
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/668336/
Whiteboard: has_procedure mga5-32-ok advisory
Source RPM: quassel-0.10.1-5.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-13 13:31:01 CET 
A CVE was assigned for a denial of service issue fixed upstream:
http://openwall.com/lists/oss-security/2015/12/13/1

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated quassel packages fix security vulnerability:

The Quassel core could be crashed by a client using the op command, causing a
denial of service (CVE-2015-8547).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8547
http://openwall.com/lists/oss-security/2015/12/13/1
========================

Updated packages in core/updates_testing:
========================
quassel-0.10.1-5.1.mga5
quassel-common-0.10.1-5.1.mga5
quassel-client-0.10.1-5.1.mga5
quassel-core-0.10.1-5.1.mga5

from quassel-0.10.1-5.1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2015-12-14 18:40:37 CET 
Testing complete mga5 32

Confirmed the crash. Started quasselcore in one terminal and quasselclient in a 2nd. Completed the setup wizard.

Created a channel "/join #mrsbtest" and used "/op *" which crashed the core.

Confirmed OK after update.

Whiteboard: (none) => has_procedure mga5-32-ok

RĂ©mi Verschelde 2015-12-15 07:35:17 CET

Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisory

Comment 2 claire robinson 2015-12-16 16:11:24 CET 
Validating.

Please push to 5 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2015-12-16 22:01:59 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0475.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-12-17 16:48:41 CET

URL: (none) => http://lwn.net/Vulnerabilities/668336/