A CVE has been assigned for a security issue fixed upstream in libmms: http://openwall.com/lists/oss-security/2014/04/18/14 The issue was fixed in 0.6.4, and the commit to fix it is linked in the message above. Mageia 3 and Mageia 4 are also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
Updated package uploaded for Cauldron. Patched packages uploaded for Mageia 3 and Mageia 4. Advisory: ======================== Updated libmms packages fix security vulnerability: The libmms library before 0.6.4 is vulnerable to a buffer overflow in get_answer() in src/mmsh.c. It may be triggered via an overly long line of a MMSH (MMS over HTTP) server response, effectively overflowing the buffer which has a static size (CVE-2014-2892). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892 http://openwall.com/lists/oss-security/2014/04/18/14 ======================== Updated packages in core/updates_testing: ======================== libmms0-0.6.2-3.1.mga3 libmms-devel-0.6.2-3.1.mga3 libmms0-0.6.2-4.1.mga4 libmms-devel-0.6.2-4.1.mga4 from SRPMS: libmms-0.6.2-3.1.mga3.src.rpm libmms-0.6.2-4.1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Here is the procedure / has_procedure I used (tested OK on mga4-64-OK ): 1. Install lib64mms0 from the updates. 2. Install gst123 , gstreamer1.0-mms , and gstreamer1.0-plugins-ugly. 3. From the command line run: gst123 'mms://media.internet.fo/uf16' 4. Make sure it plays fine. 5. I checked that libmms is used by it using «cat /proc/`pgrep gst123/maps» . Best regards, -- Shlomi Fish
CC: (none) => shlomifWhiteboard: MGA3TOO => MGA3TOO MGA4-64-OK has_procedure
Tested fine on MGA4-32-OK .
Whiteboard: MGA3TOO MGA4-64-OK has_procedure => MGA3TOO MGA4-64-OK MGA4-32-OK has_procedure
Tested fine on MGA3-64-OK . I should note that on MGA3 gst123 uses gstreamer0.10 so the command should be : urpmi gst123 gstreamer0.10-mms gstreamer0.10-plugins-ugly
Whiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK has_procedure => MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK has_procedure
Tested fine on MGA3-32-OK .
Whiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK has_procedure => MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedure
Nice procedure Shlomi, thanks, the cat command is missing a ` though, checked with this.. # cat /proc/`pgrep gst123`/maps or # cat /proc/$(pgrep gst123)/maps | grep mms
Whiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedure => MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedure
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedure => MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedureCC: (none) => sysadmin-bugs
CC: (none) => remiWhiteboard: MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK has_procedure => MGA3TOO has_procedure advisory MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK
Update pushed: http://advisories.mageia.org/MGASA-2014-0190.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/595998/