| Summary: | bash new security issue CVE-2016-9401 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | lewyssmith, mageia, marja11, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://lwn.net/Vulnerabilities/710484/ | | |
| Whiteboard: | MGA5-64-OK MGA5-32-OK has_procedure advisory | | |
| Source RPM: | bash-4.3-33.1.mga5.src.rpm | CVE: | |
| Status comment: | | | |
| Bug Depends on: | 19462 | | |
| Bug Blocks: | | | |
Description
David Walser
2016-11-18 00:32:19 CET
David Walser
2016-11-18 00:32:30 CET
Depends on:
(none) =>
19462

(In reply to Nicolas Lécureuil from comment #1)
> no fix is available yet.

Already assigning to the maintainer, though

CC:
(none) =>
marja11
Shlomi Fish
2016-12-24 21:07:04 CET
Status:
NEW =>
ASSIGNED

Gentoo has issued an advisory for this on January 1:
https://security.gentoo.org/glsa/201701-02

They added this patch:
https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682

URL:
(none) =>
https://lwn.net/Vulnerabilities/710484/

(In reply to David Walser from comment #3)
> Gentoo has issued an advisory for this on January 1:
> https://security.gentoo.org/glsa/201701-02
>
> They added this patch:
> https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682

Thanks, David!

I updated it in Cauldron in bash-4.3-48.3 which is currently scheduled for building at http://pkgsubmit.mageia.org/ and I'm going to tackle mga v5 next.

(In reply to Shlomi Fish from comment #4)
> (In reply to David Walser from comment #3)
> > Gentoo has issued an advisory for this on January 1:
> > https://security.gentoo.org/glsa/201701-02
> >
> > They added this patch:
> > https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells/bash/files/bash-4.4-popd-offset-overflow.patch?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682
>
> Thanks, David!
>
> I updated it in Cauldron in bash-4.3-48.3 which is currently scheduled for
> building at http://pkgsubmit.mageia.org/ and I'm going to tackle mga v5 next.

bash update 4.3-48.2.1 was pushed to mgav5 core/updates_testing. Someone needs to prepare an advisory.

Version:
Cauldron =>
5

Advisory:
========================

Updated bash packages fix security vulnerability:

In Bash, the popd command can be tricked to free a user supplied address, which could be used to bypass restricted shells (rsh) on some environments to cause use-after-free (CVE-2016-9401).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401
http://openwall.com/lists/oss-security/2016/11/17/9
https://security.gentoo.org/glsa/201701-02

Tested on x86_64.

Tried the command posted at http://openwall.com/lists/oss-security/2016/11/17/9
$ popd +-111111
Segmentation fault

Updated bash from core updates testing and tried again:
$ popd +-111111
bash: popd: directory stack empty

Probably safe to assume that this means that the patch is successful.

CC:
(none) =>
tarazed25
Len Lawrence
2017-01-04 19:17:00 CET
Whiteboard:
(none) =>
MGA5-64-OK

Ran the popd test on i586 virtualbox before and after the bash update and found the same results as for 64-bits. This can be validated.
Len Lawrence
2017-01-04 19:19:37 CET
Keywords:
(none) =>
validated_update
Len Lawrence
2017-01-04 19:21:57 CET
Whiteboard:
MGA5-64-OK MGA5-32-OK =>
MGA5-64-OK MGA5-32-OK has_procedure

Advisoried from comments 5 & 6.

CC:
(none) =>
lewyssmith

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0005.html

Status:
ASSIGNED =>
RESOLVED