Fedora has issued an advisory on November 22:
https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144951.html

Note that the CVE-2014-8768 issue doesn't affect the version in Mageia 4 because the geonet code is not present.

Patched packages uploaded for Mageia 4 and Cauldron.

Note to QA: there are PoCs on the RedHat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1165160
https://bugzilla.redhat.com/show_bug.cgi?id=1165162

Advisory:
========================

Updated tcpdump packages fix security vulnerabilities:

The Tcpdump program could crash when processing a malformed OLSR payload when the verbose output flag was set (CVE-2014-8767).

The application decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol in Tcpdump fails to perform input validation and performs unsafe out-of-bound accesses. The application will usually not crash, but perform out-of-bounds accesses and output/leak larger amounts of invalid data, which might lead to dropped packets. It is unknown if a payload exists that might trigger segfaults (CVE-2014-8769).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769
https://lists.fedoraproject.org/pipermail/package-announce/2014-November/144951.html
========================

Updated packages in core/updates_testing:
========================
tcpdump-4.4.0-2.1.mga4

from tcpdump-4.4.0-2.1.mga4.src.rpm
URL: (none) => http://lwn.net/Vulnerabilities/623284/
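The advisory above says the AODV decoder read past the captured data because it did not validate its input. The following is an added illustration of that class of check, not tcpdump's code or its patch: a RERR printer that compares each read against the captured length before making it. The RERR layout is taken from RFC 3561; the function names, the output format and the sample bytes are constructed for this example and are not the PoC from the Red Hat bugs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AODV_RERR     3  /* message type (RFC 3561, section 5.3) */
#define RERR_HDR_LEN  4  /* type, flags/reserved (2 bytes), DestCount */
#define RERR_DEST_LEN 8  /* unreachable IPv4 address + sequence number */

/* Hypothetical helper: big-endian 32-bit read; caller has checked bounds. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Print the RERR in buf[0..caplen). Returns the number of entries decoded,
 * or -1 if the header is short or the type is not RERR. */
int rerr_print(const uint8_t *buf, size_t caplen)
{
    if (caplen < RERR_HDR_LEN || buf[0] != AODV_RERR)
        return -1;
    unsigned declared = buf[3];  /* count comes from the packet: untrusted */
    size_t off = RERR_HDR_LEN;
    int decoded = 0;
    for (unsigned i = 0; i < declared; i++) {
        if (caplen - off < RERR_DEST_LEN) {  /* off <= caplen, no underflow */
            printf(" [|rerr]\n");            /* truncation marker, then stop */
            return decoded;
        }
        const uint8_t *d = buf + off;
        printf(" {%u.%u.%u.%u}(%u)", d[0], d[1], d[2], d[3], (unsigned)be32(d + 4));
        off += RERR_DEST_LEN;
        decoded++;
    }
    printf("\n");
    return decoded;
}

/* Constructed sample: declares 200 destinations, carries one and a half. */
static const uint8_t sample_rerr[] = {
    3, 0, 0, 200,
    10, 0, 0, 1,  0, 0, 0, 7,
    10, 0, 0, 2
};

int main(void)
{
    return rerr_print(sample_rerr, sizeof sample_rerr) == 1 ? 0 : 1;
}
```

A decoder that loops on the declared count alone would keep reading for all 200 entries; here the loop ends at the first entry that does not fit in the captured bytes.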
Testing on Mageia4x32 real hardware

With current package :
--------------------
# rpm -q tcpdump
tcpdump-4.4.0-2.mga4

Using PoC mentioned in Description, wrote 2 python tests :
-tcpdump.py : OLSR payload
-tcpdump2.py : AODV

# tcpdump -i lo -s 0 -n -v

# python tcpdump.py #OLSR test
tcpdump crashes after writing pages in console.
# dmesg
(...)
[ 2010.891499] tcpdump[7111]: segfault at b72cd000 ip 0804d565 sp bf9e90c0 error 4 in tcpdump[8048000+b1000

# python tcpdump2.py #AODV test
tcpdump doesn't crash, in tcpdump console, writes pages filled with :
{::}(0)
which ends with
[|rerr]
dmesg didn't produce a segmentation fault.

With updated testing packages :
-----------------------------
# rpm -q tcpdump
tcpdump-4.4.0-2.1.mga4

None of the tests produce any crash or segmentation fault.
The AODV test doesn't produce lengthy pages.

Testing package installs well and fixes security vulnerability.
CC: (none) => olchal
Whiteboard: (none) => MGA4-32-OK
Testing on Mageia4-64 real hardware

Same procedure

From current package :
--------------------
tcpdump-2:4.4.0-2.mga4.x86_64
which produced a segmentation fault with both PoC tcpdump tests

To updated testing package :
--------------------------
tcpdump-4.4.0-2.1.mga4.x86_64
which didn't crash or produce segmentation fault with same tests.

OK
Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK
Validating, advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK MGA4-64-OK => MGA4-32-OK MGA4-64-OK advisory
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0503.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED