| Summary: | gajim new security issue CVE-2012-5524 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/545435/ | ||
| Whiteboard: | has_procedure mga2-32-ok mga2-64-OK | ||
| Source RPM: | gajim-0.15.1-2.mga3.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 2317 | ||
| Bug Blocks: | |||
|
Description
David Walser
2013-04-02 20:59:07 CEST
Freeze push requested for Cauldron. Patch added to Mageia 2 SVN and Mageia 1 SVN. Whiteboard:
(none) =>
MGA2TOO Updated package uploaded for Cauldron. Patched package uploaded for Mageia 2. Assigning to QA. Note to QA: Reproducer here: https://bugzilla.redhat.com/show_bug.cgi?id=875809 Advisory: ======================== Updated gajim package fixes security vulnerability: A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524 http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html ======================== Updated packages in core/updates_testing: ======================== gajim-0.15-1.2.mga2 from gajim-0.15-1.2.mga2.src.rpm Version:
Cauldron =>
2 Reproducer needs an XMPP server with expired certificate and alterations to the source so just checking for regressions. Testing complete mga2 32 Whiteboard:
(none) =>
mga2-32-ok Having problems x86_64
I've tried with 2 different jabber servers comm.unicate.me and jabber.org but unable to connect.
Glib errors followed by a traceback and then pages of the same glib error when the mouse is moved onto the gajim window. It's difficult to catch the traceback before it's scrolled away. The traceback seems to recur when the connection fails.
Reinstalling the previous version allows it to connect again so some problem with the update. I'll check i586 again to see if I can reproduce the error there too.
(gajim:25140): GLib-GObject-CRITICAL **: g_object_set_qdata: assertion `G_IS_OBJECT (object)' failed
Traceback (most recent call last):
File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 533, in _process_events
return IdleQueue._process_events(self, fd, flags)
File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 394, in _process_events
obj.pollin()
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 414, in pollin
self._do_receive()
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 600, in _do_receive
self._on_receive(received)
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 614, in _on_receive
self.on_receive(data)
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 308, in <lambda>
self.onreceive(lambda _data:self._xmpp_connect_machine(mode, _data))
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 359, in _xmpp_connect_machine
self._xmpp_connect_machine(mode='STREAM_STARTED')
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 362, in _xmpp_connect_machine
self._on_stream_start()
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 398, in _on_stream_start
self._on_connect()
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 435, in _on_connect
self.on_connect(self, self.connected)
File "/usr/share/gajim/src/common/connection.py", line 1265, in _connect_success
return self.connection_accepted(con, con_type)
File "/usr/share/gajim/src/common/connection.py", line 1296, in connection_accepted
for er in errnum:
TypeError: 'int' object is not iterable
(gajim:25140): GLib-GObject-CRITICAL **: g_object_set_qdata: assertion `G_IS_OBJECT (object)' failedWhiteboard:
mga2-32-ok =>
mga2-32-ok feedback Reproduced i586 so I must have made a mistake previously
Traceback (most recent call last):
File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 533, in _process_events
return IdleQueue._process_events(self, fd, flags)
File "/usr/share/gajim/src/common/xmpp/idlequeue.py", line 394, in _process_events
obj.pollin()
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 414, in pollin
self._do_receive()
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 600, in _do_receive
self._on_receive(received)
File "/usr/share/gajim/src/common/xmpp/transports_nb.py", line 614, in _on_receive
self.on_receive(data)
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 308, in <lambda>
self.onreceive(lambda _data:self._xmpp_connect_machine(mode, _data))
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 343, in _xmpp_connect_machine
self._xmpp_connect_machine(mode='STREAM_STARTED')
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 362, in _xmpp_connect_machine
self._on_stream_start()
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 398, in _on_stream_start
self._on_connect()
File "/usr/share/gajim/src/common/xmpp/client_nb.py", line 435, in _on_connect
self.on_connect(self, self.connected)
File "/usr/share/gajim/src/common/connection.py", line 1265, in _connect_success
return self.connection_accepted(con, con_type)
File "/usr/share/gajim/src/common/connection.py", line 1296, in connection_accepted
for er in errnum:
TypeError: 'int' object is not iterableWhiteboard:
mga2-32-ok feedback =>
feedback Thanks Claire. IIRC, the same thing happened the first time we tried to patch this for a Mageia 1 update, and we just had to update it to a newer version. I've updated it to 0.15.3. Advisory: ======================== Updated gajim package fixes security vulnerability: A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524 http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html ======================== Updated packages in core/updates_testing: ======================== gajim-0.15.3-1.mga2 from gajim-0.15.3-1.mga2.src.rpm Whiteboard:
feedback =>
(none) Testing complete mga2 32 I noticed a warning in coloured text fly past though as it started up and connected. (W) gajim.c.check_X509 Import of PyOpenSSL or pyasn1 failed. Cannot correctly check SSL certificate It seems to need pyasn1 (https://bugzilla.redhat.com/show_bug.cgi?id=826737) In Help => Features it shows being not able to validate ssl certificates. Installing pyasn1 and restarting gajim cleared the warning and shows validating certificates is now possible. It connects and works fine, no regressions noticed. Whiteboard:
(none) =>
has_procedure mga2-32-ok OK, that Requires should really be added, so I added it. Thanks again Claire. pyasn1 will probably need linked because of the added requires. Advisory: ======================== Updated gajim package fixes security vulnerability: A security flaw was found in the way Gajim before 0.15.3 performed verification of invalid (broken / expired) x.509v3 SSL certificates (True as return value was returned always regardless if error during certificate validation occurred or not). A rogue XMPP server could use this flaw to conduct man-in-the-middle attack (MiTM) and trick Gajim client to accept the certificate even when it was invalid / should not be accepted (CVE-2012-5524). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5524 http://lists.fedoraproject.org/pipermail/package-announce/2013-March/101107.html ======================== Updated packages in core/updates_testing: ======================== gajim-0.15.3-1.1.mga2 from gajim-0.15.3-1.1.mga2.src.rpm Retested OK, confirmed the added require. Adding bug 2317, links required: Mageia release 2 (Official) for i586 Latest version found in "Core Release" is gajim-0.14.4-2.mga2 Latest version found in "Core Updates Testing" is gajim-0.15.3-1.1.mga2 ---------------------------------------- The following packages will require linking: pyasn1-0.0.13-1.mga2 (Core Release) ---------------------------------------- Depends on:
(none) =>
2317 Testing complete mga2 64 Validating Could sysadmin please push from core/updates_testing to core/updates and link pyasn1 from Core release to updates for bug 2317. Advisory & srpm in comment 8 Thanks! Keywords:
(none) =>
validated_update Packages linked and update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0111 Status:
NEW =>
RESOLVED |