Bug 15259 - Update request: glibc-2.18-9.9.mga4
Summary: Update request: glibc-2.18-9.9.mga4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/633832/
Whiteboard: has_procedure advisory MGA4-32-OK mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-02-10 21:23 CET by Thomas Backlund
Modified: 2015-02-18 23:08 CET (History)
2 users (show)

See Also:
Source RPM: glibc-2.18-9.9.mga4.src.rpm
CVE:
Status comment:


Attachments

Description Thomas Backlund 2015-02-10 21:23:59 CET
Advisory:

Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).

The incorrect use of "__libc_use_alloca (newsize)" caused a different
(and weaker) policy to be enforced which could allow a denial of service
attack (CVE-2015-1473).

Reference:
http://www.openwall.com/lists/oss-security/2015/02/04/1

SRPM:
glibc-2.18-9.9.mga4.src.rpm

i586:
glibc-2.18-9.9.mga4.i586.rpm
glibc-devel-2.18-9.9.mga4.i586.rpm
glibc-doc-2.18-9.9.mga4.noarch.rpm
glibc-i18ndata-2.18-9.9.mga4.i586.rpm
glibc-profile-2.18-9.9.mga4.i586.rpm
glibc-static-devel-2.18-9.9.mga4.i586.rpm
glibc-utils-2.18-9.9.mga4.i586.rpm
nscd-2.18-9.9.mga4.i586.rpm


x86_64:
glibc-2.18-9.9.mga4.x86_64.rpm
glibc-devel-2.18-9.9.mga4.x86_64.rpm
glibc-doc-2.18-9.9.mga4.noarch.rpm
glibc-i18ndata-2.18-9.9.mga4.x86_64.rpm
glibc-profile-2.18-9.9.mga4.x86_64.rpm
glibc-static-devel-2.18-9.9.mga4.x86_64.rpm
glibc-utils-2.18-9.9.mga4.x86_64.rpm
nscd-2.18-9.9.mga4.x86_64.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-02-10 21:54:57 CET
Had this running on my 6 machines that I tested the kernel on since the weekend or yesterday.  No general regressions.

PoC for the security issue here:
https://sourceware.org/bugzilla/show_bug.cgi?id=16618

Compile the program in the bug report there as follows:
gcc scan.c -std=c99

Then run the program:
./a.out

Before the glibc update it gives an error output due to the free() call.  After it gives no output.

Testing complete Mageia 4 i586.

Whiteboard: (none) => has_procedure MGA4-32-OK

Comment 2 claire robinson 2015-02-13 13:29:55 CET
Performed two installations one x86_64 and one i586 with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time. 

Also tested PoC 64bit.

All Ok.

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok

Comment 3 claire robinson 2015-02-13 19:09:46 CET
Advisory uploaded.

Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok

Comment 4 Thomas Backlund 2015-02-13 19:32:30 CET
Running fine on 3 live x86_64 systems here
Comment 5 olivier charles 2015-02-14 12:11:43 CET
Testing on Mageia4x32 real hardware (intel core i3, 8 Series/C220 Series Chipset, nvidia GTX750)

glibc-2.18-9.9.mga4

with latest kernel-desktop, dbus and x11-server

OK

CC: (none) => olchal

Comment 6 claire robinson 2015-02-17 18:10:11 CET
Validating.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-02-17 19:39:00 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0072.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-02-18 23:08:43 CET

URL: (none) => http://lwn.net/Vulnerabilities/633832/


Note You need to log in before you can comment on or make changes to this bug.