| Summary: | c-ares possible new security issues fixed upstream in 1.17.1 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mhrambo3501, ouaurelien, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, has_procedure, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | c-ares-1.15.0-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2020-11-23 20:08:44 CET

Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
Assignee: bugsquad => shlomif

David Walser
2020-12-27 23:47:52 CET
Assignee: shlomif => pkg-bugs

Updated package uploaded for Mageia 7.
Advisory:
========================
Updated c-ares package fixes security vulnerabilities:
* Avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in
References:
https://c-ares.haxx.se/changelog.html#1_17_1
========================
Updated packages in core/updates_testing:
========================
lib64cares2-1.17.1-1.mga7
lib64cares-devel-1.17.1-1.mga7
from c-ares-1.17.1-1.mga7.src.rpm
Test procedure:
https://bugs.mageia.org/show_bug.cgi?id=21115#c6
https://bugs.mageia.org/show_bug.cgi?id=21115#c7
Assignee: pkg-bugs => qa-bugs

mga7, x64

Repeated the aria2c test from https://bugs.mageia.org/show_bug.cgi?id=21115#c7 to download mirror.readme. All in order.
Updated the two packages.
Repeated the download test under strace.

$ strace -o cares.trace aria2c ftp://ftp.mirrorservice.org/pub/mageia/mirror.readme
strace: decode_nlattr: [xlat 0x4e7e80, dflt "AF_???", decoders 0x7fff7ea75298] size is zero (going to pass nla_type as decoder argument), but opaque data (0x7fff7ea75330) is not - will be ignored
strace: decode_nlattr: [xlat 0x4e7e80, dflt "AF_???", decoders 0x7fff7ea75298] size is zero (going to pass nla_type as decoder argument), but opaque data (0x7fff7ea75330) is not - will be ignored
01/04 11:53:27 [NOTICE] Downloading 1 item(s)
01/04 11:53:27 [NOTICE] Download complete: /home/lcl/mirror.readme
Download Results:
gid |stat|avg speed |path/URI
======+====+===========+=======================================================
1a632a|OK | 16KiB/s|/home/lcl/mirror.readme
Status Legend:
(OK):download completed.
$ diff mirror.readme /tmp/mirror.readme
$ grep cares cares.trace
openat(AT_FDCWD, "/usr/lib64/libcares.so.2", O_RDONLY|O_CLOEXEC) = 3

$ sudo strace -o urpmi.trace urpmi --aria2 guava
$MIRRORLIST: media/core/updates_testing/guava-25.0-2.1.mga7.noarch.rpm
installing guava-25.0-2.1.mga7.noarch.rpm from /var/cache/urpmi/rpms
Preparing... #############################################
1/1: guava #############################################
$ sudo chown lcl:lcl urpmi.trace
$ grep cares urpmi.trace
stat("/usr/share/doc/lib64cares-devel/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

That looks a bit odd but we shall let it pass.
CC: (none) => tarazed25

Validating. Advisory in Comment 2.
Keywords: (none) => validated_update

Advisory pushed to SVN.
CC: (none) => ouaurelien

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0007.html
Resolution: (none) => FIXED
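
An added example, not part of the original report or of the Mageia test procedure: the strace check from the QA comment above as a shell function that counts libcares as loaded only when an `open`/`openat` of the shared object succeeded, so a `stat` on a documentation directory or a failed search-path probe is ignored. It also accepts the PID-prefixed lines that `strace -f` writes when following child processes. The function names are hypothetical, and all sample trace lines except the first two (taken from the comment) are constructed.

```shell
#!/bin/sh
# Added example: decide from an strace log whether libcares was really loaded.

# Sample trace. Lines 1-2 come from the QA comment; lines 3-4 are constructed
# (a failed search-path probe, and a child-process line as written by strace -f).
sample_trace() {
    cat <<'EOF'
openat(AT_FDCWD, "/usr/lib64/libcares.so.2", O_RDONLY|O_CLOEXEC) = 3
stat("/usr/share/doc/lib64cares-devel/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/usr/lib64/tls/libcares.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
12345 openat(AT_FDCWD, "/usr/lib64/libcares.so.2", O_RDONLY|O_CLOEXEC) = 3
EOF
}

# cares_opens TRACEFILE
# Prints each distinct libcares path that was opened successfully.
# Exit status 0 if at least one was found, 1 otherwise.
cares_opens() {
    awk '
        # Only open()/openat() calls, with an optional "PID " or "[pid N] " prefix.
        /^([0-9]+ +|\[pid +[0-9]+\] +)?open(at)?\(/ && /libcares\.so/ {
            # A successful call ends in ") = <fd>"; failures end in an errno text.
            if ($0 !~ /\) = [0-9]+$/) next
            if (match($0, /"[^"]*libcares\.so[^"]*"/)) {
                path = substr($0, RSTART + 1, RLENGTH - 2)   # strip the quotes
                if (!(path in seen)) { seen[path] = 1; print path; found = 1 }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Demo on the sample trace.
trace=$(mktemp)
sample_trace > "$trace"
if libs=$(cares_opens "$trace"); then
    echo "libcares loaded from: $libs"
else
    echo "no successful libcares open in trace"
fi
rm -f "$trace"
```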