Advisory: Updated glibc packages fixes security issues: Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument ( https://sourceware.org/bugzilla/show_bug.cgi?id=17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities. (CVE-2014-4043) This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073) Mga3: SRPMS: glibc-2.17-7.3.mga3.src.rpm i586: glibc-2.17-7.3.mga3.i586.rpm glibc-devel-2.17-7.3.mga3.i586.rpm glibc-doc-2.17-7.3.mga3.noarch.rpm glibc-i18ndata-2.17-7.3.mga3.i586.rpm glibc-profile-2.17-7.3.mga3.i586.rpm glibc-static-devel-2.17-7.3.mga3.i586.rpm glibc-utils-2.17-7.3.mga3.i586.rpm nscd-2.17-7.3.mga3.i586.rpm x86_64: glibc-2.17-7.3.mga3.x86_64.rpm glibc-devel-2.17-7.3.mga3.x86_64.rpm glibc-doc-2.17-7.3.mga3.noarch.rpm glibc-i18ndata-2.17-7.3.mga3.x86_64.rpm glibc-profile-2.17-7.3.mga3.x86_64.rpm glibc-static-devel-2.17-7.3.mga3.x86_64.rpm glibc-utils-2.17-7.3.mga3.x86_64.rpm nscd-2.17-7.3.mga3.x86_64.rpm Mga4: SRPMS: glibc-2.18-9.1.mga4.src.rpm i586: glibc-2.18-9.1.mga4.i586.rpm glibc-devel-2.18-9.1.mga4.i586.rpm glibc-doc-2.18-9.1.mga4.noarch.rpm glibc-i18ndata-2.18-9.1.mga4.i586.rpm glibc-profile-2.18-9.1.mga4.i586.rpm glibc-static-devel-2.18-9.1.mga4.i586.rpm glibc-utils-2.18-9.1.mga4.i586.rpm nscd-2.18-9.1.mga4.i586.rpm x86_64: glibc-2.18-9.1.mga4.x86_64.rpm glibc-devel-2.18-9.1.mga4.x86_64.rpm glibc-doc-2.18-9.1.mga4.noarch.rpm glibc-i18ndata-2.18-9.1.mga4.x86_64.rpm glibc-profile-2.18-9.1.mga4.x86_64.rpm glibc-static-devel-2.18-9.1.mga4.x86_64.rpm glibc-utils-2.18-9.1.mga4.x86_64.rpm nscd-2.18-9.1.mga4.x86_64.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
I did *not* try the PoC from https://sourceware.org/bugzilla/show_bug.cgi?id=17048#c0 because I don't even understand which language that program is written in, so I don't have a clue how to run it, either. Anyway, both my old 64bits and my 32bits ThinkPad laptops run fine after updating to for 64bits: glibc-2.18-9.1.mga4 glibc-devel-2.18-9.1.mga4 nscd-2.18-9.1.mga4 for 32bits: glibc-2.18-9.1.mga4
CC: (none) => marja11
64 bits desktop with KDE (the above mentioned laptops were also with KDE) after updating to glibc-2.18-9.1.mga4 glibc-devel-2.18-9.1.mga4 everything works fine (but I'm aware I didn't by far test all applications that require glibc... there is no end to them)
same 64bits desktop, Mga 3 partition with KDE: glibc-devel-2.17-7.3.mga3 glibc-2.17-7.3.mga3 I don't see anything odd
the glibc package for mga4 will be rebuilt with a fixed gcc (there is a gcc bug just found and fixed where sched2 miscompiles syscall sequence so it can cause crashes)
mga4 glibc packages rebuilt with new gcc: SRPM: glibc-2.18-9.2.mga4.src.rpm i586: glibc-2.18-9.2.mga4.i586.rpm glibc-devel-2.18-9.2.mga4.i586.rpm glibc-doc-2.18-9.2.mga4.noarch.rpm glibc-i18ndata-2.18-9.2.mga4.i586.rpm glibc-profile-2.18-9.2.mga4.i586.rpm glibc-static-devel-2.18-9.2.mga4.i586.rpm glibc-utils-2.18-9.2.mga4.i586.rpm nscd-2.18-9.2.mga4.i586.rpm x86_64: glibc-2.18-9.2.mga4.x86_64.rpm glibc-devel-2.18-9.2.mga4.x86_64.rpm glibc-doc-2.18-9.2.mga4.noarch.rpm glibc-i18ndata-2.18-9.2.mga4.x86_64.rpm glibc-profile-2.18-9.2.mga4.x86_64.rpm glibc-static-devel-2.18-9.2.mga4.x86_64.rpm glibc-utils-2.18-9.2.mga4.x86_64.rpm nscd-2.18-9.2.mga4.x86_64.rpm
Mga 64bits KDE on this system https://wiki.mageia.org/en/User:Marja/QA/Hardware#NVidia_system_from_Alternate after updating to glibc-2.18-9.2.mga4 glibc-devel-2.18-9.2.mga4 used the system for a while, with several applications and everything works fine
Summary: Update request: glibc-2.18-9.1.mga4 and glibc-2.17-7.3.mga3 => Update request: glibc-2.18-9.2.mga4 and glibc-2.17-7.3.mga3
Mga 32bits KDE on this system https://wiki.mageia.org/en/User:Marja/QA/Hardware#IBM_ThinkPad_R50e after updating to glibc-devel-2.18-9.2.mga4 glibc-2.18-9.2.mga4 used the system for a while, with several applications and everything works fine
Mga 64bits KDE on this system: https://wiki.mageia.org/en/User:Marja/QA/Hardware#Lenovo_ThinkPad_SL510 after updating to: glibc-2.18-9.2.mga4 glibc-devel-2.18-9.2.mga4 nscd-2.18-9.2.mga4 used the system for a while, with several applications, and everything tested works fine.
Tested mga4_64, Testing complete for the new glibc-2.18-9.2.mga4, Ok for me and seems to work properly. - glibc-devel-2.18-9.2.mga4.x86_64.rpm - glibc-2.18-9.2.mga4.x86_64.rpm - nscd-2.18-9.2.mga4.x86_64.rpm No regression found !!
CC: (none) => geiger.david68210Whiteboard: MGA3TOO => MGA3TOO MGA4-64-OK
Whiteboard: MGA3TOO MGA4-64-OK => MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK
No regressions found on Mageia 3 i586 on my Dell Optiplex 990 at work. This can be pushed once the advisory is uploaded (and ideally at the same time as the kernel updates).
Keywords: (none) => validated_updateWhiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK => MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Advisory uploaded.
CC: (none) => remiWhiteboard: MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK => MGA3TOO MGA4-64-OK MGA4-32-OK MGA3-64-OK MGA3-32-OK advisory
LWN reference for CVE-2014-0475: http://lwn.net/Vulnerabilities/605175/ LWN reference for CVE-2014-4043: http://lwn.net/Vulnerabilities/607644/
Update pushed. http://advisories.mageia.org/MGASA-2014-0314.html
Status: NEW => RESOLVEDCC: (none) => mageiaResolution: (none) => FIXED