Ubuntu has issued an advisory on January 14:
http://www.ubuntu.com/usn/usn-2473-1/

More details in this thread:
http://openwall.com/lists/oss-security/2014/11/25/1

Patched package uploaded for Mageia 4.

Advisory:
========================

Updated coreutils packages fix security vulnerability:

Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly handled user-supplied input. An attacker could possibly use this to cause a denial of service or potentially execute code (CVE-2014-9471).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
http://www.ubuntu.com/usn/usn-2473-1/
========================

Updated packages in core/updates_testing:
========================
coreutils-8.21-6.1.mga4
coreutils-doc-8.21-6.1.mga4

from coreutils-8.21-6.1.mga4.src.rpm
Testing complete Mageia 4 i586.

Before the update:

$ touch '--date=TZ="123"345" @1'
Segmentation fault

$ date '--date=TZ="123"345" @1'
*** Error in `date': free(): invalid pointer: 0xbfc11414 ***
======= Backtrace: =========
/lib/i686/libc.so.6(+0x6bb13)[0xb7615b13]
/lib/i686/libc.so.6(+0x73414)[0xb761d414]
date[0x804e227]
date[0x8049ba0]
/lib/i686/libc.so.6(__libc_start_main+0xf3)[0xb75c3b33]
date[0x8049bd0]
Aborted

After the update:

$ touch '--date=TZ="123"345" @1'
touch: invalid date format ‘TZ="123"345" @1’

$ date '--date=TZ="123"345" @1'
date: invalid date ‘TZ="123"345" @1’
Whiteboard: (none) => has_procedure MGA4-32-OK
Testing on Mageia 4x64 real hardware

From current package :
--------------------
coreutils-8.21-6.mga4

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fff3e2e4650 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x72fff)[0x7f48603d8fff]
(...)
7fff3e395000-7fff3e397000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Abandon

$ date '--date=TZ="123"345" @1'
gave same output

To updated testing package :
--------------------------
coreutils-8.21-6.1.mga4

$ touch '--date=TZ="123"345" @1'
touch: format de date « TZ="123"345" @1 » incorrect

$ date '--date=TZ="123"345" @1'
date: date incorrecte « TZ="123"345" @1 »

Used a dozen coreutils commands, found no regression.
CC: (none) => olchal
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
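The before/after procedure used by both testers above, as an added shell example that is not part of the original thread: it runs `date` and `touch` with the report's input in an empty scratch directory and classifies the exit status, where 128 or above means the process died on a signal, as in the unpatched output. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: regression check for CVE-2014-9471 with the input from this report.
# Function names are hypothetical; only date, touch and mktemp are assumed present.

MALFORMED='--date=TZ="123"345" @1'   # option string quoted from the test procedure

# Map an exit status to a verdict. 128+N means the process died on signal N
# (139 = SIGSEGV, 134 = SIGABRT), which is what the unpatched package shows.
classify_status() {
    rc=$1
    if [ "$rc" -eq 0 ]; then
        echo accepted        # unexpected: the malformed date was parsed
    elif [ "$rc" -eq 126 ] || [ "$rc" -eq 127 ]; then
        echo not-run         # tool missing or not executable
    elif [ "$rc" -ge 128 ]; then
        echo crashed         # vulnerable behaviour
    else
        echo rejected        # patched behaviour: error message, small exit code
    fi
}

# Run one tool with the malformed option in an empty scratch directory.
check_tool() {
    tool=$1
    rc=0
    workdir=$(mktemp -d) || return 2
    # Subshell keeps the cd local; "|| rc=$?" keeps this safe under "set -e".
    ( cd "$workdir" && LC_ALL=C "$tool" "$MALFORMED" ) >/dev/null 2>&1 || rc=$?
    rm -rf "$workdir"
    classify_status "$rc"
}

for t in date touch; do
    printf '%s: %s\n' "$t" "$(check_tool "$t")"
done
```

A verdict of `crashed` for either tool corresponds to the "before the update" output in the thread; `rejected` corresponds to the "after the update" output.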
Validating. Advisory uploaded.

Please push to 4 updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0029.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED