| Summary: | valgrind new security issues CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, lewyssmith, mageia, marja11, sysadmin-bugs, thierry.vignaud |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | valgrind-3.12.0-4.mga6.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | file to compile and run valgrind to the executable | ||
Description
David Walser
2017-06-22 00:17:49 CEST
David Walser
2017-06-22 00:17:56 CEST
Whiteboard:
(none) =>
MGA5TOO
Marja Van Waes
2017-06-23 22:05:58 CEST
CC:
(none) =>
marja11

Note that CVE-2016-2226 is already fixed in the version in Cauldron. The Ubuntu patch for 3.12.0 only references CVE-2016-4491, but apparently it fixes all of the remaining issues. I've checked it into SVN and requested a freeze push.

valgrind-3.12.0-5.mga6 uploaded for Cauldron, presumably fixing this.

Whiteboard:
MGA5TOO =>
(none)

Patched package uploaded for Mageia 5.

Advisory:
========================

Updated valgrind packages fix security vulnerabilities:

It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code (CVE-2016-2226).

It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
https://www.ubuntu.com/usn/usn-3337-1/
========================

Updated packages in core/updates_testing:
========================
valgrind-3.10.1-2.1.mga5
valgrind-devel-3.10.1-2.1.mga5
valgrind-openmpi-3.10.1-2.1.mga5

from valgrind-3.10.1-2.1.mga5.src.rpm

CC:
(none) =>
thierry.vignaud

MGA5-32 on Asus A6000VM Xfce
No installation issues
Found test in http://valgrind.org/docs/manual/quick-start.html (test file will be uploaded), compiled and at CLI:

```
$ valgrind --leak-check=yes /home/tester5/Documenten/valgrindtest
==7637== Memcheck, a memory error detector
==7637== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7637== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==7637== Command: /home/tester5/Documenten/valgrindtest
==7637==
==7637== Invalid write of size 4
==7637==    at 0x8048437: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==  Address 0x4222050 is 0 bytes after a block of size 40 alloc'd
==7637==    at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637==    by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==
==7637==
==7637== HEAP SUMMARY:
==7637==     in use at exit: 40 bytes in 1 blocks
==7637==   total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==7637==
==7637== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==7637==    at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637==    by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==
==7637== LEAK SUMMARY:
==7637==    definitely lost: 40 bytes in 1 blocks
==7637==    indirectly lost: 0 bytes in 0 blocks
==7637==      possibly lost: 0 bytes in 0 blocks
==7637==    still reachable: 0 bytes in 0 blocks
==7637==         suppressed: 0 bytes in 0 blocks
==7637==
==7637== For counts of detected and suppressed errors, rerun with: -v
==7637== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```

Whiteboard:
(none) =>
MGA5-32-OK

Created attachment 9504
file to compile and run valgrind to the executable
Lewis Smith
2017-07-20 20:52:43 CEST
CC:
(none) =>
lewyssmith

Installed and tested using test binary without issues. Tested with other binaries and IDEs, again without issue.

System: x86_64, Plasma, nVidia (proprietary driver)

```
$ uname -a
Linux marte 4.4.78-desktop-1.mga5 #1 SMP Mon Jul 24 20:49:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q valgrind
valgrind-3.10.1-2.1.mga5
$ valgrind --leak-check=yes ./valgrindtest
==1582== Memcheck, a memory error detector
==1582== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1582== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==1582== Command: ./valgrindtest
==1582==
==1582== Invalid write of size 4
==1582==    at 0x400646: f (in /tmp/pedro/valgrindtest)
==1582==    by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582==  Address 0x51e8068 is 0 bytes after a block of size 40 alloc'd
==1582==    at 0x4C27F7F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1582==    by 0x400639: f (in /tmp/pedro/valgrindtest)
==1582==    by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582==
==1582==
==1582== HEAP SUMMARY:
==1582==     in use at exit: 40 bytes in 1 blocks
==1582==   total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==1582==
==1582== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1582==    at 0x4C27F7F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1582==    by 0x400639: f (in /tmp/pedro/valgrindtest)
==1582==    by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582==
==1582== LEAK SUMMARY:
==1582==    definitely lost: 40 bytes in 1 blocks
==1582==    indirectly lost: 0 bytes in 0 blocks
==1582==      possibly lost: 0 bytes in 0 blocks
==1582==    still reachable: 0 bytes in 0 blocks
==1582==         suppressed: 0 bytes in 0 blocks
==1582==
==1582== For counts of detected and suppressed errors, rerun with: -v
==1582== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
```

Whiteboard:
MGA5-32-OK advisory =>
MGA5-32-OK MGA5-64-OK advisory

Thank you Herman & PC_LX for the tests. Validating, already advisoried.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0222.html

Resolution:
(none) =>
FIXED
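
One way to automate the check the two QA comments perform by eye, as an added example that is not part of the original bug report: it reduces each Memcheck log to a signature independent of PID, address and path, and treats a log with no ERROR SUMMARY line as Valgrind not finishing, which is how the crash described in the advisory would show up. The sample logs are abbreviated from the output quoted in this report; `signature`, `validate` and `EXPECTED` are names chosen for this example.

```python
import re

# Abbreviated from the two Memcheck runs quoted in the QA comments
# (PIDs, addresses and paths differ between the i586 and x86_64 testers).
RUN_32 = """\
==7637== Invalid write of size 4
==7637==    at 0x8048437: f (in /home/tester5/Documenten/valgrindtest)
==7637==  Address 0x4222050 is 0 bytes after a block of size 40 alloc'd
==7637==    definitely lost: 40 bytes in 1 blocks
==7637== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""
RUN_64 = """\
==1582== Invalid write of size 4
==1582==    at 0x400646: f (in /tmp/pedro/valgrindtest)
==1582==  Address 0x51e8068 is 0 bytes after a block of size 40 alloc'd
==1582==    definitely lost: 40 bytes in 1 blocks
==1582== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""
# What both testers' runs of the quick-start test binary reported.
EXPECTED = {
    "errors": ["Invalid write of size 4",
               "0 bytes after a block of size 40 alloc'd"],
    "definitely_lost": (40, 1),
    "summary": (2, 2),
}
PREFIX = re.compile(r"^==\d+==\s*")  # the "==PID==" tag on every line

def signature(log):
    """Reduce a Memcheck log to the facts that must match across machines."""
    sig = {"errors": [], "definitely_lost": None, "summary": None}
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"Invalid (?:read|write) of size \d+", line):
            sig["errors"].append(m[0])
        elif m := re.match(r"Address 0x[0-9A-Fa-f]+ is (.+)", line):
            sig["errors"].append(m[1])  # drop the run-specific address
        elif m := re.match(r"definitely lost: (\d+) bytes in (\d+) blocks", line):
            sig["definitely_lost"] = (int(m[1]), int(m[2]))
        elif m := re.match(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts", line):
            sig["summary"] = (int(m[1]), int(m[2]))
    return sig

def validate(log, expected=EXPECTED):
    """Return mismatches; a log without ERROR SUMMARY means Valgrind died early."""
    got = signature(log)
    if got["summary"] is None:
        return ["no ERROR SUMMARY line: Valgrind did not run to completion"]
    return [f"{key}: expected {want!r}, got {got[key]!r}"
            for key, want in expected.items() if got[key] != want]
```

An empty list from `validate` means the run matches what the testers recorded; any entry names the field that differs.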