| Summary: | cpio new out-of-bounds-write security issue (CVE-2016-2037) | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | lewyssmith, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/675700/ | | |
| Whiteboard: | has_procedure advisory MGA5-64-OK | | |
| Source RPM: | cpio-2.11-11.mga5.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2016-01-19 19:00:00 CET
I'm not aware of an existing fix at this time.

Whiteboard: (none) => MGA5TOO

CVE-2016-2037 has been assigned:
http://openwall.com/lists/oss-security/2016/01/22/4

Summary: cpio new out-of-bounds-write security issue => cpio new out-of-bounds-write security issue (CVE-2016-2037)

Patched packages uploaded for Mageia 5 and Cauldron.

Note the PoC information in the oss-security thread.

Advisory:
========================

Updated cpio package fixes security vulnerability:

An out-of-bounds write in cpio was found in the parsing of cpio files, in the process_copy_in() function in src/copyin.c (CVE-2016-2037).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2037
http://openwall.com/lists/oss-security/2016/01/22/4
========================

Updated packages in core/updates_testing:
========================
cpio-2.11-11.1.mga5

from cpio-2.11-ll.1.mga5.src.rpm

Version: Cauldron => 5

Testing M5 x64

Using the given test file:
http://seclists.org/oss-sec/2016/q1/att-136/overflow_cpio.bin
[renamed to overflow.cpio as per the link to it from http://seclists.org/oss-sec/2016/q1/136]

BEFORE this update (cpio-2.11-11.mga5):

$ cpio -it < tmp/overflow.cpio
cpio: Malformed number0000000
cpio: warning: skipped 8 bytes of junk
cpio: Substituting `.' for empty member name
.
cpio: premature end of file

which is not (as we find often) the result hoped for - a crash.

AFTER the update to cpio-2.11-11.1.mga5: the result was identical. So no reversion = OK.

CC: (none) => lewyssmith

The output on the link looks like valgrind, the memory debugging tool. It's a bit of a subject on its own but you can sometimes use it, basically, to see relevant info. (e.g. valgrind cpio -it < /tmp/overflow.cpio)

In this case we can see the patch has been applied with a diff of the srpm
http://madb.mageia.org/rpm/diff/application/0/name/cpio-2.11-11.1.mga5.src.rpm/source/1/release/5/arch/i586/t_media/5

At the top is the patch file being added. Further down in the spec it shows it has been listed and applied.

@@ -13,6 +14,7 @@ Patch14: cpio-2.11-null-deref.patch Patch15: cpio-2.11-testsuite-null-deref.patch Patch16: cpio-2.11-no-overwrite-symlinks.patch +Patch17: cpio-2.12-CVE-2016-2037.patch BuildRequires: bison Requires(post): info-install Requires(preun): info-install @@ -42,6 +44,7 @@ %patch14 -p1 -b .null-deref %patch15 -p1 -b .testsuite-null-deref %patch16 -p1 -b .no-overwrite-symlink +%patch17 -p1 -b .CVE-2016-2037

No regressions on top of this is quite sufficient, well done.

Validating. Advisory uploaded. (Changed typewriter 1's to real 1's in srpm)

Please push to 5 updates, thanks.

Keywords: (none) => validated_update

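Review bot: In the first spec hunk, the added Patch17 line names the file cpio-2.12-CVE-2016-2037.patch, while Patch14 through Patch16 and the source RPM itself are all cpio-2.11, and nothing in the visible lines says where the patch comes from. A one-line comment above Patch17 giving the patch's origin and the CVE it addresses would explain the 2.12 prefix and make the entry easier to audit later. The matching %patch17 -p1 -b .CVE-2016-2037 line in the second hunk follows the same -p1 -b pattern as %patch14 to %patch16 and needs no change.
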
David Walser
2016-02-15 19:11:51 CET
URL: (none) => http://lwn.net/Vulnerabilities/675700/

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0063.html

Status: NEW => RESOLVED