OpenSuSE has issued an advisory on February 2:
http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated hivex packages fix security vulnerability:

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write (CVE-2014-9273).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9273
http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html
========================

Updated packages in core/updates_testing:
========================
hivex-1.3.8-2.1.mga4
hivex-devel-1.3.8-2.1.mga4
ocaml-hivex-1.3.8-2.1.mga4
ocaml-hivex-devel-1.3.8-2.1.mga4
perl-hivex-1.3.8-2.1.mga4
ruby-hivex-1.3.8-2.1.mga4

from hivex-1.3.8-2.1.mga4.src.rpm
Testing complete mga4 64

Found a PoC here: https://bugzilla.redhat.com/show_bug.cgi?id=1158992#c0

$ echo -n 'reg' > small
$ valgrind hivexsh -w small
==24244== Memcheck, a memory error detector
==24244== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==24244== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==24244== Command: hivexsh -w small
==24244==
==24244== Invalid read of size 1
==24244==    at 0x4E31EF9: hivex_open (in /usr/lib64/libhivex.so.0.0.0)
==24244==    by 0x4034C8: ??? (in /usr/bin/hivexsh)
==24244==    by 0x401B27: ??? (in /usr/bin/hivexsh)
==24244==    by 0x52AAC84: (below main) (in /usr/lib64/libc-2.18.so)
==24244==  Address 0x5ca8ac3 is 0 bytes after a block of size 3 alloc'd
==24244==    at 0x4C266ED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24244==    by 0x4E31E94: hivex_open (in /usr/lib64/libhivex.so.0.0.0)
==24244==    by 0x4034C8: ??? (in /usr/bin/hivexsh)
==24244==    by 0x401B27: ??? (in /usr/bin/hivexsh)
==24244==    by 0x52AAC84: (below main) (in /usr/lib64/libc-2.18.so)
==24244==
hivexsh: failed to open hive file: small: Invalid argument
...etc

After
-----
$ valgrind hivexsh -w small
==25627== Memcheck, a memory error detector
==25627== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==25627== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==25627== Command: hivexsh -w small
==25627==
hivexsh: failed to open hive file: small: Invalid argument
...etc
Whiteboard: (none) => has_procedure mga4-64-ok
Mis-copy/paste. First one actually finishes with.. hivexsh: failed to open hive file: small: Operation not supported
Advisory uploaded.
Whiteboard: has_procedure mga4-64-ok => has_procedure advisory mga4-64-ok
Same results as Claire got in Comment 1 on Mageia 4 i586. Validating now. Please push to core/updates. Thanks.
Keywords: (none) => validated_update
Whiteboard: has_procedure advisory mga4-64-ok => has_procedure advisory mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0060.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
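
Added example, not part of the bug thread and not hivex's own code: a length-first pre-check for a hive image, showing why the 3-byte test file must be rejected before any header byte is compared (the valgrind trace above reports a 1-byte read just past a 3-byte allocation). The layout constants, function names and the choice of EINVAL/ENOTSUP are assumptions made for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed hive layout (illustrative names, not hivex identifiers): a
 * 0x1000-byte header starting "regf", then 0x1000-byte pages starting "hbin". */
#define HDR_LEN  0x1000u
#define PAGE_LEN 0x1000u

/* Bounds-checked magic comparison: never reads past buf + len. */
static int magic_at(const uint8_t *buf, size_t len, size_t off, const char *magic)
{
    if (off > len || len - off < 4)
        return 0;
    return memcmp(buf + off, magic, 4) == 0;
}

/* Returns 0 if buf looks like the start of a hive, else a negative errno.
 * The length test runs first, so a 3-byte buffer is refused unread. */
int hive_precheck(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < HDR_LEN + PAGE_LEN)
        return -EINVAL;               /* too small for header + one page */
    if (!magic_at(buf, len, 0, "regf"))
        return -ENOTSUP;              /* not a hive header */
    if (!magic_at(buf, len, HDR_LEN, "hbin"))
        return -ENOTSUP;              /* first page is not an hbin page */
    return 0;
}

/* Constructed sample input, built in memory (nothing is read from disk). */
int precheck_sample(size_t len, int with_magic)
{
    static uint8_t img[HDR_LEN + PAGE_LEN];
    memset(img, 0, sizeof img);
    if (with_magic) {
        memcpy(img, "regf", 4);
        memcpy(img + HDR_LEN, "hbin", 4);
    }
    if (len > sizeof img) len = sizeof img;
    return hive_precheck(img, len);
}

int main(void)
{
    printf("3 bytes: %d, full: %d\n", precheck_sample(3, 1), precheck_sample(0x2000, 1));
    return 0;
}
```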