| Summary: | 389-ds-base new security issue CVE-2017-2591 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | herman.viaene, lewyssmith, mhrambo3501, rverschelde, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://lwn.net/Vulnerabilities/713059/ | | |
| Whiteboard: | has_procedure MGA5-32-OK advisory MGA5-64-OK | | |
| Source RPM: | 389-ds-base-1.3.4.14-1.mga5.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2017-01-18 22:33:11 CET
Patched package uploaded for Mageia 5.

Testing procedures:
https://bugs.mageia.org/show_bug.cgi?id=11720#c7
https://bugs.mageia.org/show_bug.cgi?id=16928#c7

Advisory:
========================

Updated 389-ds-base package fixes security vulnerability:

The "attribute uniqueness" plugin did not properly NULL-terminate an array when building up its configuration if a so-called 'old-style' configuration was being used. An attacker, authenticated, but possibly also unauthenticated, could possibly force the plugin to read beyond allocated memory and trigger a segfault. The crash could also possibly be triggered accidentally (CVE-2017-2591).

References:
http://www.openwall.com/lists/oss-security/2017/01/18/5
https://fedorahosted.org/389/ticket/48986
========================

Updated packages in core/updates_testing:
========================
389-ds-base-1.3.4.14-1.1.mga5
389-ds-base-debuginfo-1.3.4.14-1.1.mga5
lib64389-ds-base0-1.3.4.14-1.1.mga5
lib64389-ds-base-devel-1.3.4.14-1.1.mga5

from 389-ds-base-1.3.4.14-1.1.mga5.src.rpm

CC: (none) => mrambo

MGA5-32 on AsusA6000VM Xfce
No installation issues, except that debuginfo package is not present in Update testing; I suppose this is not really needed.
Completed test as per bug 11720 Comment 7 (tx Claire), all OK.

Whiteboard: has_procedure => has_procedure MGA5-32-OK
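The NULL-termination defect the advisory above describes, illustrated by added C code that is not 389-ds-base's own: a builder for the plugin's positional ('old-style') argument list that always reserves and writes the terminating NULL slot, beside the walk-until-NULL consumer that over-read when the terminator was missing. The `nsslapd-pluginargN: value` line format and all function names are assumptions.

```c
/* Added illustration, not 389-ds-base code: build the attribute uniqueness
 * plugin's argument list from "old-style" positional config lines, always
 * writing the NULL terminator the advisory says was missing. The line
 * format "nsslapd-pluginargN: value" is an assumption, not taken from 389-ds. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static void free_args(char **args, size_t n)
{
    for (size_t i = 0; i < n; i++) free(args[i]);
    free(args);
}

/* nlines + 1 slots so the last one is always NULL; rejects malformed lines,
 * out-of-range and duplicate positions, returning NULL on any error. */
char **build_plugin_args(const char *const *lines, size_t nlines)
{
    char **args = calloc(nlines + 1, sizeof *args); /* zero-filled, so slot nlines is NULL */
    if (args == NULL) return NULL;
    for (size_t i = 0; i < nlines; i++) {
        unsigned long idx; int used = 0;
        if (sscanf(lines[i], "nsslapd-pluginarg%lu:%n", &idx, &used) != 1 || used == 0
            || idx >= nlines || args[idx] != NULL) { free_args(args, nlines); return NULL; }
        const char *value = lines[i] + used;
        while (*value == ' ') value++;
        if ((args[idx] = malloc(strlen(value) + 1)) == NULL) { free_args(args, nlines); return NULL; }
        strcpy(args[idx], value);
    }
    return args; /* nlines unique positions below nlines fill every slot; args[nlines] stays NULL */
}

/* The consumer pattern that over-read when the terminator was missing. */
size_t count_plugin_args(char *const *args)
{
    size_t n = 0;
    while (args[n] != NULL) n++;
    return n;
}
int sample_is_well_formed(void) /* 1 when the list comes back ordered and terminated */
{
    /* Constructed sample input: three positional arguments, listed out of order. */
    const char *const sample[] = { "nsslapd-pluginarg1: dc=example,dc=com",
        "nsslapd-pluginarg0: uid", "nsslapd-pluginarg2: ou=people,dc=example,dc=com" };
    char **a = build_plugin_args(sample, 3);
    int ok = a != NULL && count_plugin_args(a) == 3 && a[3] == NULL
             && strcmp(a[0], "uid") == 0 && strcmp(a[2], "ou=people,dc=example,dc=com") == 0;
    if (a != NULL) free_args(a, 3);
    return ok;
}
```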
Lewis Smith
2017-01-27 11:42:21 CET
CC: (none) => lewyssmith

Testing M5_64 following https://bugs.mageia.org/show_bug.cgi?id=16928#c7 except that I already had this thing installed and configured [typical]. Used the following command sequence ex Claire's original procedure: BEFORE (389-ds-base-1.3.4.14-1 & lib64389-ds-base0-1.3.4.14-1) and AFTER (389-ds-base-1.3.4.14-1.1 & lib64389-ds-base0-1.3.4.14-1.1) the update.

```
# systemctl [re]start dirsrv@localhost
# systemctl status dirsrv@localhost
● dirsrv@localhost.service - 389 Directory Server localhost.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled)
   Active: active (running) since Gwe 2017-01-27 15:16:19 CET; 12s ago
...
[After restart only:
  Process: 3295 ExecStopPost=/bin/rm -f /var/run/dirsrv/slapd-%i.pid (code=exited, status=0/SUCCESS) ]
...
# netstat -pant | grep 389
tcp6       0      0 :::389                  :::*                    LISTEN      4653/ns-slapd
# ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
defaultnamingcontext: dc=localdomain
dataversion: 020170127140842
netscapemdsuffix: cn=ldap://dc=localhost,dc=localdomain:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Service restart exception as noted, results were essentially identical. Update OK. Validating.

Whiteboard: has_procedure MGA5-32-OK advisory => has_procedure MGA5-32-OK advisory MGA5-64-OK

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0028.html

Status: NEW => RESOLVED

Re-opening because this package was re-introduced into Cauldron for some reason, without the security fix. The package no longer has a maintainer, so it should probably have stayed gone.

Version: 5 => Cauldron

Please drop packages from SVN when you get them removed from repos... I reintroduced those ones because I thought they had been mistakenly wiped from the repos like other packages starting with a number: https://ml.mageia.org/l/arc/dev/2017-01/msg00713.html

Any package that is left rotting in SVN is bought to be resubmitted at some time. So when dropping a package, please obsolete it too in SVN (it's just one command, `mgarepo obsolete 389-ds-base`).

Status: RESOLVED => REOPENED

s/bought/bound/ :)

OK. I assumed the 389 stuff had been dropped for that reason but I don't know who dropped them. Assigning the dead bug back to QA.

CC: qa-bugs => rverschelde

They haven't been re-dropped yet, so assigning back to Mike for now (we can add the security patch). Hopefully they can be dropped though, because they're totally unmaintained.

CC: (none) => qa-bugs

Cauldron package patched for CVE-2017-2591 has been uploaded.

Status: REOPENED => RESOLVED

Thanks Mike.

CC: qa-bugs => (none)
David Walser
2017-01-31 04:51:50 CET
URL: (none) => https://lwn.net/Vulnerabilities/713059/