A CVE has been requested for a security issue fixed in DBD::Firebird 1.19: http://openwall.com/lists/oss-security/2015/03/30/4 The security issue was buffer overflows from the use of sprintf. Debian has patches to fix the issues found, as well as to convert sprintf usages to safer snprintf, which were accepted upstream. Mageia 4 and Mageia 5 are affected. Reproducible: Steps to Reproduce:
CC: (none) => mageiaWhiteboard: (none) => MGA5TOO, MGA4TOO
CVE-2015-2788 has been assigned: http://openwall.com/lists/oss-security/2015/03/30/10
Summary: perl-DBD-Firebird new security issue fixed upstream in 1.19 => perl-DBD-Firebird new security issue fixed upstream in 1.19 (CVE-2015-2788)
1.19 is waiting to be submitted into cauldron. I'm not sure how to test this update. I checked that the patch was applied and the tests passed. Updated packages in core/updates_testing: ======================== perl-DBD-Firebird-1.150.0-2.1.mga4 Source RPM: perl-DBD-Firebird-1.150.0-2.1.mga4.src.rpm
1.19 submitted successfully. It would be nice if someone could help with the advisory.
Hardware: i586 => AllVersion: Cauldron => 4Assignee: jquelin => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
Thanks Sander! Advisory: ======================== Updated perl-DBD-Firebird packages fix security vulnerability: The DBD::Firebird perl module before 1.19 is vulnerable to buffer overflows in dbdimp.c (CVE-2015-2788). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2788 http://openwall.com/lists/oss-security/2015/03/30/10
Debian has issued an advisory for this on April 11: https://www.debian.org/security/2015/dsa-3219 Advisory: ======================== Updated perl-DBD-Firebird packages fix security vulnerability: Stefan Roas discovered a way to cause a buffer overflow in DBD::FireBird in certain error conditions, due to the use of the sprintf() function to write to a fixed-size memory buffer (CVE-2015-2788). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2788 https://www.debian.org/security/2015/dsa-3219
URL: (none) => http://lwn.net/Vulnerabilities/640168/
I tested this update using the procedure at https://bugs.mageia.org/show_bug.cgi?id=14726#c6 followed by running this Perl script before and after the upgrade to the package from core/updates_testing: <<<< use strict; use warnings; use DBI; my $dbh = DBI->connect('dbi:Firebird:db=employee' , 'SYSDBA' ,'masterkey'); my $sth = $dbh->prepare('SELECT * FROM t'); $sth->execute(); while (my $aref = $sth->fetchrow_arrayref) { print "Got: @$aref\n"; } >>>> Everything was working fine. Tested on i586 and x86-64 VBox VMs.
CC: (none) => shlomifWhiteboard: (none) => MGA4-64-OK has_procedure MGA4-32-OK
Nice job Shlomi
Validating. Advisory uploaded. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA4-64-OK has_procedure MGA4-32-OK => MGA4-64-OK has_procedure MGA4-32-OK advisoryCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0159.html
Status: NEW => RESOLVEDResolution: (none) => FIXED