Bug 15544 - quassel new DoS security issue (CVE-2015-277[89])
Summary: quassel new DoS security issue (CVE-2015-277[89])
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/639579/
Whiteboard: advisory MGA4-32-OK MGA4-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-03-20 19:09 CET by David Walser
Modified: 2015-04-15 11:02 CEST

See Also:
Source RPM: quassel-0.10.1-3.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2015-03-20 19:09:11 CET
A CVE has been requested for a security issue fixed upstream in quassel:
http://openwall.com/lists/oss-security/2015/03/20/12

The commit linked in the message above applies cleanly to 0.10.1 in Cauldron, but doesn't quite in 0.9.2 in Mageia 4.  I'll probably update Mageia 4 to 0.10.1.

Waiting for the CVE before I commit fixes.

David Walser 2015-03-20 19:09:18 CET

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-03-26 19:50:53 CET
While the patch applies to 0.10.1, it doesn't build with it.  To fix this, we'll need to update to 0.11.0 and patch it, or update to the upcoming 0.12.0 release once it becomes available.
Comment 2 David Walser 2015-03-30 12:34:26 CEST
CVE-2015-2778 and CVE-2015-2779 have been assigned:
http://www.openwall.com/lists/oss-security/2015/03/28/3

Summary: quassel new DoS security issue => quassel new DoS security issue (CVE-2015-277[89])

Comment 3 David Walser 2015-04-08 21:02:00 CEST
OpenSuSE has issued an advisory for this today (April 8):
http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html

I rediffed their patch for OpenSuSE 13.2 (quassel 0.10.0) for our quassel 0.10.1 in Cauldron and got it to build locally.  Their patch for OpenSuSE 13.1 (quassel 0.9.2) applies fine in Mageia 4 (also quassel 0.9.2).

Patches checked into Mageia 4 and Cauldron SVN.  Freeze push requested for Cauldron.

URL: (none) => http://lwn.net/Vulnerabilities/639579/

Comment 4 David Walser 2015-04-08 21:15:58 CEST
Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated quassel packages fix security vulnerabilities:

Quassel could crash when receiving an overlength CTCP query containing only
multibyte characters (CVE-2015-2778).

Quassel could incorrectly split a message in the middle of a multibyte
character, leading to a denial of service (CVE-2015-2779).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2779
http://lists.opensuse.org/opensuse-updates/2015-04/msg00018.html
========================

Updated packages in core/updates_testing:
========================
quassel-0.9.2-1.2.mga4
quassel-common-0.9.2-1.2.mga4
quassel-client-0.9.2-1.2.mga4
quassel-core-0.9.2-1.2.mga4

from quassel-0.9.2-1.2.mga4.src.rpm

Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => (none)

Comment 5 olivier charles 2015-04-11 02:47:20 CEST
Testing on Mageia4x64 real hardware

From current packages :
---------------------
quassel-0.9.2-1.1.mga4


To updated testing packages :
---------------------------
quassel-0.9.2-1.2.mga4
quassel-core-0.9.2-1.2.mga4
quassel-client-0.9.2-1.2.mga4
quassel-common-0.9.2-1.2.mga4

OK, no problems found

CC: (none) => olchal
Whiteboard: (none) => MGA4-64-OK

Comment 6 David Walser 2015-04-11 03:43:18 CEST
Working fine here too, Mageia 4 i586.

Whiteboard: MGA4-64-OK => MGA4-32-OK MGA4-64-OK

Comment 7 claire robinson 2015-04-11 15:07:50 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2015-04-15 11:02:20 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0147.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

