Bug 15804 - libtasn1 new security issue fixed upstream in 4.5 (CVE-2015-3622)
Summary: libtasn1 new security issue fixed upstream in 4.5 (CVE-2015-3622)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/643577/
Whiteboard: has_procedure advisory MGA4-32-OK mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-04-30 18:41 CEST by David Walser
Modified: 2015-05-07 16:36 CEST

See Also:
Source RPM: libtasn1-4.2-3.mga5.src.rpm

Description David Walser 2015-04-30 18:41:46 CEST
A CVE was requested (though it could have been more explicit) for a heap overflow issue fixed in libtasn1:
http://openwall.com/lists/oss-security/2015/04/30/3

Mageia 4 and Mageia 5 are affected.

David Walser 2015-04-30 18:41:58 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-04-30 20:13:35 CEST
CVE-2015-3622 has been assigned:
http://openwall.com/lists/oss-security/2015/04/30/6

Patches added in Mageia 4 and Cauldron SVN.  Freeze push requested.

Summary: libtasn1 new security issue fixed upstream in 4.5 => libtasn1 new security issue fixed upstream in 4.5 (CVE-2015-3622)

Comment 2 David Walser 2015-04-30 23:38:08 CEST
Patched packages uploaded for Mageia 4 and Cauldron.

Note that there's a PoC linked from the post linked in Comment 0.

General Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=5128#c10

Advisory:
========================

Updated libtasn1 packages fix security vulnerability:

A malformed certificate input could cause a heap overflow read in the DER
decoding functions of Libtasn1. The heap overflow happens in the function
_asn1_extract_der_octet() (CVE-2015-3622).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
http://openwall.com/lists/oss-security/2015/04/30/6
========================

Updated packages in core/updates_testing:
========================
libtasn1_6-3.6-1.2.mga4
libtasn1-tools-3.6-1.2.mga4
libtasn1-devel-3.6-1.2.mga4

from libtasn1-3.6-1.2.mga4.src.rpm

Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => has_procedure

Comment 3 David Walser 2015-05-01 00:52:31 CEST
General testing procedure runs fine for me on Mageia 4 i586.  I didn't test the PoC (needs to be tested with Address Sanitizer or valgrind).

Comment 4 David Walser 2015-05-05 16:56:41 CEST
Marking as OK for me.  Someone else could try the PoC.

Whiteboard: has_procedure => has_procedure MGA4-32-OK

Comment 5 claire robinson 2015-05-06 19:03:31 CEST
Testing complete mga4 64

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok

Comment 6 claire robinson 2015-05-06 19:33:28 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2015-05-06 19:44:37 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0200.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-07 16:36:10 CEST

URL: (none) => http://lwn.net/Vulnerabilities/643577/

