| Summary: | [TRACKER] rollup bug for security related issues blocking release of Mageia 1 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Stew Benedict <stewbintn> |
| Component: | Security | Assignee: | Stew Benedict <stewbintn> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | release_blocker | CC: | balcaen.john, ennael1, misc, saispo |
| Version: | Cauldron | ||
| Target Milestone: | Mageia 1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
| Bug Depends on: | 895, 989, 1115, 1116, 1117, 1121, 1142, 1149, 1150, 1165, 1232, 1280, 1281, 1298, 1299, 1300 | ||
| Bug Blocks: | |||
Description

Stew Benedict 2011-04-20 21:24:56 CEST

Stew Benedict 2011-04-20 21:25:48 CEST
Priority: Normal => release_blocker

Stew Benedict 2011-04-20 21:26:35 CEST
Severity: normal => critical

John Balcaen 2011-04-20 21:34:55 CEST
CC: (none) => balcaen.john

Stew Benedict 2011-04-20 23:33:37 CEST
Priority: release_blocker => High

Stew Benedict 2011-04-25 17:35:03 CEST
Depends on: (none) => 989

Updating as blocker; we will close it before the final release.

Priority: High => release_blocker

Nicolas Vigier 2011-04-26 20:09:17 CEST
Depends on: (none) => 895

Sigh, I don't seem to even have time this week to open bug reports, but I've seen other vendors' reports go by on rsync, kerberos, php, fail2ban, mount, qemu-kvm, and the kernel (osvdb mailer or oss-security list).

Status: NEW => ASSIGNED

Rsync is ok (CVE-2011-1097), we have rsync 3.0.8. Kerberos is CVE-2011-0285, not patched. Qemu-kvm is CVE-2011-0011 and CVE-2011-1750, not patched. For the vnc issue (CVE-2011-0011), the code changed in qemu 0.14, so I think we are covered (http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commitdiff;h=1cd20f8bf0ecb9d1d1bd5e2ffab3b88835380c9b); for the other one, I patched the code and submitted. I didn't find the fail2ban problem (I didn't search much besides the mdv and debian advisories). For php, well, I would not even start to look at it. For mount, I didn't find much (again, I didn't look in detail).

CC: (none) => misc

Here's some more info on fail2ban:

References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=700763
>
> Patch applied by Debian distribution:
> [3] http://git.onerussian.com/?p=deb/fail2ban.git;a=commitdiff;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b

CVE-2009-5023

Mount has issues with suid helpers (extract from oss-security): CVE-2011-1675 - CVE-2011-1681, based on your list here: http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4516

CVE-2011-1089 for similar nfs-utils: http://thread.gmane.org/gmane.comp.security.oss.general/4954

php is the usual fun; Ubuntu has issued an update for several CVEs: http://www.ubuntu.com/usn/usn-1126-1/

May also be a gstreamer issue (from RH advisory):

> An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574)
>
> All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect.

The vino package has two CVEs (CVE-2011-0904, CVE-2011-0905) which are not included; see USN-1128-1 for more information. I will patch vino and push it.

CC: (none) => saispo

Michael Scherer 2011-05-03 14:16:52 CEST
Depends on: (none) => 1115

Michael Scherer 2011-05-03 14:19:00 CEST
Depends on: (none) => 1116

Michael Scherer 2011-05-03 14:22:02 CEST
Depends on: (none) => 1117

John Balcaen 2011-05-03 18:42:43 CEST
Depends on: (none) => 1121

I fixed fail2ban too, but as Michael said, I didn't find any patch or more information about mount and nfs-utils.

Ahmad Samir 2011-05-05 01:02:44 CEST
Blocks: (none) => 1142

Jérôme Soyer 2011-05-05 10:05:40 CEST
Blocks: (none) => 1150

Jérôme Soyer 2011-05-05 10:38:43 CEST
Blocks: (none) => 1149

Michael Scherer 2011-05-05 15:40:38 CEST
Blocks: 1142 => (none)

Michael Scherer 2011-05-05 15:40:49 CEST
Blocks: 1149 => (none)

Michael Scherer 2011-05-05 15:40:57 CEST
Blocks: 1150 => (none)

Michael Scherer 2011-05-05 15:45:35 CEST
Depends on: (none) => 1157

Stew Benedict 2011-05-05 21:57:17 CEST
Depends on: (none) => 1165

Jérôme Soyer 2011-05-10 20:13:54 CEST
Blocks: (none) => 1232

Michael Scherer 2011-05-15 02:15:03 CEST
Depends on: (none) => 1280

Michael Scherer 2011-05-15 02:19:54 CEST
Depends on: (none) => 1281

Michael Scherer 2011-05-15 02:22:11 CEST
Blocks: 1232 => (none)

Michael Scherer 2011-05-16 09:38:45 CEST
Depends on: (none) => 1298

Michael Scherer 2011-05-16 09:46:33 CEST
Depends on: (none) => 1299

Michael Scherer 2011-05-16 09:50:45 CEST
Depends on: (none) => 1300

Please do not add new bugs there, as we are now working on releasing the final release.

Anne Nicolas 2011-05-23 18:52:17 CEST
Depends on: 1157 => (none)

Closing now, as we won't add any new security updates before the stable release.

Status: ASSIGNED => RESOLVED