Bug 9952

Summary:	Update request: glibc-2.14.1-10.mga2
Product:	Mageia	Reporter:	Thomas Backlund <tmb>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	luigiwalser, sysadmin-bugs
Version:	2	Keywords:	validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	has_procedure mga2-32-ok mga2-64-ok
Source RPM:	glibc-2.14.1-10.mga2.src.rpm	CVE:
Status comment:

Description Thomas Backlund 2013-05-02 22:59:14 CEST

Fixes:
- fix stack (frame) overflow in getaddrinfo() when processing entry mapping
  to long list of address structures (CVE-2013-1914)
- fix buffer overrun (DoS) in regexp matcher by processing multibyte
  characters (CVE-2013-0242)
- fix and re-enable P43: sha256-crypt and sha512-crypt support (#7793)


SRPMS:
glibc-2.14.1-10.mga2.src.rpm

i586:
glibc-2.14.1-10.mga2.i586.rpm
glibc-devel-2.14.1-10.mga2.i586.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.i586.rpm
glibc-profile-2.14.1-10.mga2.i586.rpm
glibc-static-devel-2.14.1-10.mga2.i586.rpm
glibc-utils-2.14.1-10.mga2.i586.rpm
nscd-2.14.1-10.mga2.i586.rpm

x86_64:
glibc-2.14.1-10.mga2.x86_64.rpm
glibc-devel-2.14.1-10.mga2.x86_64.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.x86_64.rpm
glibc-profile-2.14.1-10.mga2.x86_64.rpm
glibc-static-devel-2.14.1-10.mga2.x86_64.rpm
glibc-utils-2.14.1-10.mga2.x86_64.rpm
nscd-2.14.1-10.mga2.x86_64.rpm


Reproducible: 

Steps to Reproduce:

Comment 1 claire robinson 2013-05-03 16:17:16 CEST

Testing i586

Before
------
CVE-2013-1914
The PoC is IPv6 http://www.openwall.com/lists/oss-security/2013/04/03/2

This works IPv4:
# cp /etc/hosts /etc/hosts.bak
# for i in `seq 1 254`; do for n in `seq 1 254`; do echo "192.168.$i.$n a1" >>/etc/hosts; done; done
# ulimit -s 1024
# telnet a1
Segmentation fault
# cp /etc/hosts.bak /etc/hosts

CVE-2013-0242
PoC: http://sourceware.org/bugzilla/show_bug.cgi?id=15078#c0

$ echo áá»á½ááºá¯ááºx | grep '[^x]x'
*** glibc detected *** grep: malloc(): memory corruption: 0x09aa27b8 ***
^C
$ echo áá»á½ááºá¯ááº | sed 's/[^x]x//'
*** glibc detected *** sed: malloc(): memory corruption: 0x087d2388 ***
^C

Bug 7793 to add sha-256/512 support again
$ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")'
*0
$ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))'
*0
$ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")'
*0
$ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))'
*0

I'll test again after the reboot.

Comment 2 claire robinson 2013-05-03 17:03:20 CEST

Testing complete i586

After
-----
CVE-2013-1914
lots of 'No route to host' and segfault cured.

CVE-2013-0242
$ echo áá»á½ááºá¯ááºx | grep '[^x]x'
áá»á½ááºá¯ááºx
$ echo áá»á½ááºá¯ááº | sed 's/[^x]x//'
áá»á½ááºá¯ááº

Bug 7793
$ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")'
$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD

$ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))'
$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD

$ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")'
$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0

$ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))'
$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0

Whiteboard: (none) => has_procedure mga2-32-ok

Comment 3 claire robinson 2013-05-07 15:02:14 CEST

Testing complete mga2 64

Validating

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-ok
CC: (none) => sysadmin-bugs

Comment 4 David Walser 2013-05-07 19:28:57 CEST

Mandriva has issued an advisory for this today (May 7):
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:163/

CC: (none) => luigiwalser

Comment 5 Thomas Backlund 2013-05-09 12:39:40 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0141

Status: NEW => RESOLVED
Resolution: (none) => FIXED