CVEs have been requested and allocated for two security issues fixed in 0.9.32: http://openwall.com/lists/oss-security/2013/12/09/9 http://openwall.com/lists/oss-security/2013/12/09/11 We have 0.9.30 in Cauldron. Here's the release details for 0.9.31 and 0.9.32: http://freecode.com/projects/libmicrohttpd/releases/358638 http://freecode.com/projects/libmicrohttpd/releases/359716 Reproducible: Steps to Reproduce:
CC: (none) => fundawangWhiteboard: (none) => MGA3TOO
Blocks: (none) => 11726
Release details for 0.9.33, a bugfix release: http://freecode.com/projects/libmicrohttpd/releases/360107
libmicrohttpd-0.9.33-1.mga4 uploaded for Cauldron.
Version: Cauldron => 3Blocks: 11726 => (none)Whiteboard: MGA3TOO => (none)
Fedora has issued an advisory for this on January 16: https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127159.html Updated package uploaded for Mageia 3. Advisory: ======================== Updated libmicrohttpd packages fix security vulnerabilities: The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read (CVE-2013-7038). Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header (CVE-2013-7039). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7038 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7039 http://secunia.com/advisories/55903/ https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127159.html ======================== Updated packages in core/updates_testing: ======================== libmicrohttpd10-0.9.33-1.mga3 libmicrospdy0-0.9.33-1.mga3 microspdy2http-0.9.33-1.mga3 libmicrohttpd-devel-0.9.33-1.mga3 from libmicrohttpd-0.9.33-1.mga3.src.rpm
Assignee: bugsquad => qa-bugsSeverity: normal => critical
URL: (none) => http://lwn.net/Vulnerabilities/582193/
Just testing that the server starts, using info from http://dev.online6.eu/spdytor/ microspdy2http -v -p 9980 -l 192.168.10.2 -rDt4 -T 120 1082 num curls 0 1089 SPDY timeout 0; 0 1099 curl timeout -1 <snip> Killed with ctrl+c. Note that 192.168.10.2 is the ip address of the machine I'm testing on.
CC: (none) => davidwhodginsWhiteboard: (none) => MGA3-64-OK has_procedure
Testing complete on Mageia 3 i586, and advisory uploaded to svn. Someone from the sysadmin team please pust 11936.adv to updates.
Keywords: (none) => validated_updateWhiteboard: MGA3-64-OK has_procedure => MGA3-64-OK has_procedure feedback MGA3-32-OK advisoryCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0030.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
LWN reference for CVE-2013-7038: http://lwn.net/Vulnerabilities/583670/