Fedora has issued an advisory on May 29:
https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134114.html

Patched package uploaded for Cauldron. Patch checked into Mageia 3 and Mageia 4 SVN.

I don't plan to push an update just for this, unless someone feels otherwise. It sounds like a low severity issue that's extremely unlikely to ever be triggered.
Whiteboard: (none) => MGA3TOO
Fedora has issued an advisory on June 19:
https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html

In addition to the minor security issue (insecure use of /tmp in a function that isn't called by anything but is linked in and should have only been available in debug mode), it fixes an issue with slowness when pasting text, for which there is a PoC here:
https://bugzilla.redhat.com/show_bug.cgi?id=1109946

I've added the upstream patches for those, as well as one more for an infinite loop in vi editing mode. See the Bug Description here:
ftp://ftp.gnu.org/gnu/readline/readline-6.2-patches/readline62-004

Patched packages uploaded for Mageia 3 and Mageia 4.

Advisory:
========================

Updated readline packages fix security vulnerability:

Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks (CVE-2014-2524).

Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524
https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html
========================

Updated packages in core/updates_testing:
========================
libreadline6-6.2-7.1.mga3
readline-doc-6.2-7.1.mga3
libreadline-devel-6.2-7.1.mga3
libreadline6-6.2-9.1.mga4
readline-doc-6.2-9.1.mga4
libreadline-devel-6.2-9.1.mga4

from SRPMS:
readline-6.2-7.1.mga3.src.rpm
readline-6.2-9.1.mga4.src.rpm
Assignee: bugsquad => qa-bugs
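The class of bug the advisory above describes, as an added example (not readline's code and not part of this bug report): a debug trace file opened at a predictable name in a shared temporary directory, beside an opener that refuses a pre-existing link. The function names, the `trace.1234` file name and the scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Risky pattern: fopen() follows a symlink at the path and truncates its target. */
FILE *trace_open_naive(const char *path)
{
    return fopen(path, "w");
}

/* Hardened: create exclusively, never follow a link, owner-only permissions. */
FILE *trace_open_safe(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;   /* EEXIST when anything, a symlink included, is already there */
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed scenario: a link already sits at the predictable trace name.
   Returns 1 if the file it points to survives untouched, 0 if it was clobbered. */
int victim_survives(FILE *(*opener)(const char *))
{
    char dir[] = "/tmp/rltrace-demo-XXXXXX", victim[64], trace[64], buf[32] = "";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(trace, sizeof trace, "%s/trace.1234", dir);  /* pid-style suffix is guessable */
    FILE *fp = fopen(victim, "w");
    if (!fp) return -1;
    fputs("important", fp); fclose(fp);
    if (symlink(victim, trace) != 0)
        return -1;
    fp = opener(trace);
    if (fp) { fputs("debug output", fp); fclose(fp); }
    fp = fopen(victim, "r");
    if (fp) { fgets(buf, sizeof buf, fp); fclose(fp); }
    unlink(trace); unlink(victim); rmdir(dir);
    return strcmp(buf, "important") == 0;
}

int main(void)
{
    printf("naive: %d, safe: %d\n", victim_survives(trace_open_naive), victim_survives(trace_open_safe));
    return 0;
}
```

When the file name does not need to be fixed, `mkstemp()` gives the same exclusive-create guarantee with an unpredictable name.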
Testing MGA4 64-bit real h/w.

Already installed: lib64readline6-6.2-9.mga4
To compile one of the tests, needed to add: lib64readline-devel-6.2-9.mga4

There are 3 corrections in this update:

1. the _rl_tropen() function in readline insecurely handled a temporary file.

2. Attempting to redo (using `.') the vi editing mode `cc', `dd', or `yy' commands leads to an infinite loop.
Ref:- ftp://ftp.gnu.org/gnu/readline/readline-6.2-patches/readline62-004

3. When a program uses rl_event_hook to install a callback called by readline, the processing is very slow. It is best viewed by pasting a text as an input. The characters appear one by one, very slowly.
Ref:- https://bugzilla.redhat.com/show_bug.cgi?id=1109946
This last includes a test program with all its shell commands; it only needs copying/pasting command by command, very easy & quick.

1. Unable to test.

2. To get bash into vi mode, type:
    $ set -o vi
This leaves you in vi *input* mode. ESC puts you into command mode until the next vi input command. This URL:-
http://www.catonmat.net/blog/bash-vi-editing-mode-cheat-sheet/
provides a few simple exercises to get the idea. HOWEVER I could *not* get the loop described, finding no reference anywhere to '.' as re-do, nor getting it to do anything. Do not know how to drive this test.

3. The test described does indeed display the string visibly slowly.

Updated to lib64readline6-6.2-9.1.mga4 & lib64readline-devel-6.2-9.1.mga4

Test 3 now does indeed output the string fast.

Pity about test 2, but am OK-ing this anyway. Better if someone can crack how to drive test 2; it should be easy & definite.
CC: (none) => lewyssmith
Whiteboard: MGA3TOO => MGA3TOO MGA4-64-OK
Lewis detailed a testing procedure in comment 2.
CC: (none) => remi
Whiteboard: MGA3TOO MGA4-64-OK => MGA3TOO has_procedure MGA4-64-OK
Validating this. See the discussion in the QA meeting:
http://meetbot.mageia.org/mageia-qa/2014/mageia-qa.2014-07-31-19.02.log.html#l-30

The advisory still needs to be uploaded. Please push this to core/updates for Mageia 3 and Mageia 4.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure MGA4-64-OK advisory
Testing complete on Mageia 4 i586. I could reproduce the bug described in comment 2 as (3.), and the update candidate fixes it. Normal usage of the terminal is functional.
Whiteboard: MGA3TOO has_procedure MGA4-64-OK advisory => MGA3TOO has_procedure MGA4-32-OK MGA4-64-OK advisory
Made sure it installs in Mageia 3 32bit.
Whiteboard: MGA3TOO has_procedure MGA4-32-OK MGA4-64-OK advisory => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0319.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED