Upstream has announced version 2.0.0-b7, fixing a security issue:
http://openwall.com/lists/oss-security/2014/01/28/7

Mageia 3 and Mageia 4 will both need to be updated.

The URL above gives details on how to reproduce the issue, but notes that it cannot always be reliably reproduced. The default compiler flags used in Mageia may reduce the impact of this flaw.

I've updated it in Cauldron and Mageia 3 SVN, and will update it in Mageia 4 SVN and build the updates after Mageia 4 is released.
Whiteboard: (none) => MGA4TOO, MGA3TOO
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated socat package fixes security vulnerability:

Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0019
http://openwall.com/lists/oss-security/2014/01/28/7
========================

Updated packages in core/updates_testing:
========================
socat-2.0.0-0.b7.1.mga3
socat-2.0.0-0.b7.1.mga4

from SRPMS:
socat-2.0.0-0.b7.1.mga3.src.rpm
socat-2.0.0-0.b7.1.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Testing procedure in https://bugs.mageia.org/show_bug.cgi?id=5986#c4 and next comments.
CC: (none) => stormi
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing complete mga3 64 with the procedure here https://bugs.mageia.org/show_bug.cgi?id=5986#c6
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-64-ok
Testing complete mga3 32
Whiteboard: MGA3TOO has_procedure mga3-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok
Fedora has issued an advisory for this on January 30: https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html
URL: (none) => http://lwn.net/Vulnerabilities/585745/
Testing complete Mageia 4 i586.

I reproduce the security issue using the procedure linked in comment 0, thus I can confirm Mageia 4's package is vulnerable. The second command leads to a buffer overflow error.

After applying the update, the result is:

[akien@localhost ~]$ socat - PROXY-CONNECT:localhost:$(perl -e "print 'A' x 384"):1,proxyport=8080
2014/02/14 22:24:03 socat[6310.3073042176] E _xioopen_proxy_connect(): PROXY CONNECT buffer too small

I suppose this means the update correctly fixes the issue, since the new error is not a buffer overflow.

Tested for regression using the procedure linked in comment 2.
CC: (none) => remi
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok
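An added illustration, not socat's code and not part of this bug report: the kind of length check the advisory says was missing when the HTTP request line is assembled, with an oversized host name rejected the way the "buffer too small" message in the test above suggests. The function names, the 256-byte REQ_BUFSZ and the exact request-line format are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example; not taken from socat's source. */
#define REQ_BUFSZ 256

/* Hypothetical helper: writes "CONNECT <host>:<port> HTTP/1.0\r\n\r\n" to buf.
   Returns the request length, or -1 if the request would not fit. */
int build_connect_request(char *buf, size_t buflen,
                          const char *host, unsigned port)
{
    if (buf == NULL || host == NULL || buflen == 0)
        return -1;
    /* snprintf never writes more than buflen bytes and returns the length the
       complete string needs, so an oversized host name is detectable. */
    int n = snprintf(buf, buflen, "CONNECT %s:%u HTTP/1.0\r\n\r\n", host, port);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';   /* leave no truncated request behind */
        return -1;
    }
    return n;
}

/* Constructed input: a 384-character host name, as in the QA test command. */
int demo_long_host(void)
{
    char host[385], req[REQ_BUFSZ];
    memset(host, 'A', 384);
    host[384] = '\0';
    return build_connect_request(req, sizeof req, host, 1);
}

/* Constructed input: a short host name that fits; checks the exact bytes. */
int demo_short_host(void)
{
    char req[REQ_BUFSZ];
    int n = build_connect_request(req, sizeof req, "example.org", 443);
    if (n < 0 || strcmp(req, "CONNECT example.org:443 HTTP/1.0\r\n\r\n") != 0)
        return -1;
    return n;
}

int main(void)
{
    printf("384-char host: %d\n", demo_long_host());
    printf("short host:    %d\n", demo_short_host());
    return 0;
}
```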
Testing complete Mageia 4 x86_64.

--

Validating update, advisory uploaded. Please push to 3 & 4 core/updates.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok advisory
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0070.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED