Bug 15137 - polarssl new security issue CVE-2015-1182
Summary: polarssl new security issue CVE-2015-1182
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/630698/
Whiteboard: has_procedure advisory mga4-32-ok MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-01-26 20:25 CET by David Walser
Modified: 2015-02-09 22:44 CET (History)
3 users (show)

See Also:
Source RPM: polarssl-1.3.9-1.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-01-26 20:25:11 CET
Upstream has issued an advisory on January 19:
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04

Debian has issued an advisory for this on January 24:
https://www.debian.org/security/2015/dsa-3136

The upstream advisory contains a patch for the issue.  There is no new upstream release with the fix yet.

Mageia 4 is also affected.

Reproducible: 

Steps to Reproduce:
David Walser 2015-01-26 20:25:26 CET

Whiteboard: (none) => MGA4TOO

Comment 1 David Walser 2015-02-04 16:03:50 CET
Patched packages uploaded for Mageia 4 and Cauldron.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=11459#c7

Advisory:
========================

Updated polarssl packages fix security vulnerability:

A vulnerability was discovered in PolarSSL in its certificate parser. A remote
attacker could exploit this flaw using specially crafted certificates to mount
a denial of service against an application linked against the library
(application crash), or potentially, to execute arbitrary code
(CVE-2015-1182).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1182
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
https://www.debian.org/security/2015/dsa-3136
========================

Updated packages in core/updates_testing:
========================
polarssl-1.3.9-1.1.mga4
libpolarssl7-1.3.9-1.1.mga4
libpolarssl-devel-1.3.9-1.1.mga4

from polarssl-1.3.9-1.1.mga4.src.rpm

Version: Cauldron => 4
CC: (none) => oe
Assignee: oe => qa-bugs
Whiteboard: MGA4TOO => has_procedure

Comment 2 olivier charles 2015-02-04 21:09:38 CET
Testing on Mageia4x64 real hardware following procedure mentioned in comment 1
and pdns configuration found here : https://bugs.mageia.org/show_bug.cgi?id=13764#c9
Could not find any PoC

From current packages :
---------------------
- lib64polarssl7-1.3.9-1.mga4.x86_64
- polarssl-1.3.9-1.mga4.x86_64

$ polarssl-selftest
(...)
[ All tests passed ]

# nano /etc/powerdns/pdns.conf

allow-recursion=127.0.0.1
local-address=0.0.0.0
local-port=2000
recursor=8.8.8.8

# service pdns start

# dig www.example.com A @127.0.0.1 -p 2000

; <<>> DiG 9.9.6-P1 <<>> www.example.com A @127.0.0.1 -p 2000
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1145
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	4143	IN	A	93.184.216.34

;; Query time: 42 msec
;; SERVER: 127.0.0.1#2000(127.0.0.1)
;; WHEN: mer. févr. 04 20:56:53 CET 2015
;; MSG SIZE  rcvd: 60

# service pdns stop

To updated testing packages :
---------------------------

- lib64polarssl7-1.3.9-1.1.mga4.x86_64
- polarssl-1.3.9-1.1.mga4.x86_64

$ polarssl-selftest
(...)
[ All tests passed ]

# service pdns start

# dig www.example.com A @127.0.0.1 -p 2000

; <<>> DiG 9.9.6-P1 <<>> www.example.com A @127.0.0.1 -p 2000
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41265
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	6083	IN	A	93.184.216.34

;; Query time: 43 msec
;; SERVER: 127.0.0.1#2000(127.0.0.1)
;; WHEN: mer. févr. 04 21:01:36 CET 2015
;; MSG SIZE  rcvd: 60

All OK

Whiteboard: has_procedure => has_procedure MGA4-64-OK
CC: (none) => olchal

Comment 3 claire robinson 2015-02-09 17:06:20 CET
Testing complete mga4 32

Whiteboard: has_procedure MGA4-64-OK => has_procedure mga4-32-ok MGA4-64-OK

Comment 4 claire robinson 2015-02-09 18:40:01 CET
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok MGA4-64-OK => has_procedure advisory mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-02-09 22:44:48 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0055.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.