italc bundles minilzo, which is affected by the CVE-2014-4607 issue from the LZO library. Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated italc packages fix security vulnerability: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The italc package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607 http://advisories.mageia.org/MGASA-2014-0290.html ======================== Updated packages in core/updates_testing: ======================== italc-2.0.0-2.1.mga3 italc-client-2.0.0-2.1.mga3 italc-master-2.0.0-2.1.mga3 italc-2.0.0-3.1.mga4 italc-client-2.0.0-3.1.mga4 italc-master-2.0.0-3.1.mga4 from SRPMS: italc-2.0.0-2.1.mga3.src.rpm italc-2.0.0-3.1.mga4.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 13943Whiteboard: (none) => MGA3TOO
How to set up italc does not seem that straight-forward, so I cc the maintainer. Could you give some testing instructions Damien?
CC: (none) => mageia
(In reply to Rémi Verschelde from comment #1) > How to set up italc does not seem that straight-forward, so I cc the > maintainer. Could you give some testing instructions Damien? During the QA meeting of 21 Aug David Walser indicated that these "4607" security updates can simply be tested by making sure that they install without errors.
CC: (none) => wilcal.int
It would be nice if the developer would create an easy to use /home/user/.italc/GlobalConfig.xml file and attach it to this Bug so that there is an easy works/don't work test can be executed on italc.
In VirtualBox, M3, KDE, 32-bit Package(s) under test: italc italc-client italc-master default install of italc italc-client italc-master [root@localhost wilcal]# urpmi italc Package italc-2.0.0-2.mga3.i586 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-2.mga3.i586 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-2.mga3.i586 is already installed All packages installed correctly and without error messages. iTALC desktop icon launches and asks for configuration file install package from updates_testing [root@localhost wilcal]# urpmi italc Package italc-2.0.0-2.1.mga3.i586 is already installed [root@localhost wilcal]# italc-client bash: italc-client: command not found [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-2.1.mga3.i586 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-2.1.mga3.i586 is already installed All packages update correctly and without error messages. iTALC desktop icon launches and asks for configuration file Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M3, KDE, 64-bit Package(s) under test: italc italc-client italc-master default install of italc italc-client italc-master [root@localhost wilcal]# urpmi italc Package italc-2.0.0-2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-2.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-2.mga3.x86_64 is already installed All packages installed correctly and without error messages. iTALC desktop icon launches and asks for configuration file install package from updates_testing [root@localhost wilcal]# urpmi italc Package italc-2.0.0-2.1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-2.1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-2.1.mga3.x86_64 is already installed All packages update correctly and without error messages. iTALC desktop icon launches and asks for configuration file Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 32-bit Package(s) under test: italc italc-client italc-master default install of italc italc-client italc-master [root@localhost wilcal]# urpmi italc Package italc-2.0.0-3.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-3.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-3.mga4.i586 is already installed All packages installed correctly and without error messages. iTALC desktop icon launches and asks for configuration file install package from updates_testing [root@localhost wilcal]# urpmi italc Package italc-2.0.0-3.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-3.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-3.1.mga4.i586 is already installed All packages update correctly and without error messages. iTALC desktop icon launches and asks for configuration file Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
In VirtualBox, M4, KDE, 64-bit Package(s) under test: italc italc-client italc-master default install of italc italc-client italc-master [root@localhost wilcal]# urpmi italc Package italc-2.0.0-3.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-3.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-3.mga4.x86_64 is already installed All packages installed correctly and without error messages. iTALC desktop icon launches and asks for configuration file install package from updates_testing [root@localhost wilcal]# urpmi italc Package italc-2.0.0-3.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-client Package italc-client-2.0.0-3.1.mga4.i586 is already installed [root@localhost wilcal]# urpmi italc-master Package italc-master-2.0.0-3.1.mga4.i586 is already installed All packages update correctly and without error messages. iTALC desktop icon launches and asks for configuration file Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
For me these updates install just fine. Testing complete for mga3 32-bit & 64-bit Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
Advisory 13958.adv added to svn
CC: (none) => davidwhodginsWhiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0359.html
Status: NEW => RESOLVEDResolution: (none) => FIXED