(In reply to David Walser from comment #0)
> A minor security issue in the audit package has been fixed and assigned a
> CVE:
> http://openwall.com/lists/oss-security/2015/08/13/9
> 
> It will be fixed in the next version (2.4.4) and the upstream commit that
> fixes it is linked in the message above.
> 
> Reproducible: 
> 
> Steps to Reproduce:

Hi,

can I just provide an upgraded package for the stable distros (to 2.4.4 which has already been released? This will ease maintenance into the future.

Regards,

-- Shlomi Fish

(In reply to Shlomi Fish from comment #1)
> can I just provide an upgraded package for the stable distros (to 2.4.4
> which has already been released? This will ease maintenance into the future.

For Mageia 5, you certainly can, as it's just a bugfix release over what we already have there, plus we need to update it for Mageia 5 anyway since tmb is getting ready to update the kernel.

For Mageia 4, it'd be preferable to patch if it's not to difficult to backport.

(In reply to David Walser from comment #2)
> (In reply to Shlomi Fish from comment #1)
> > can I just provide an upgraded package for the stable distros (to 2.4.4
> > which has already been released? This will ease maintenance into the future.
> 
> For Mageia 5, you certainly can, as it's just a bugfix release over what we
> already have there, plus we need to update it for Mageia 5 anyway since tmb
> is getting ready to update the kernel.
> 
> For Mageia 4, it'd be preferable to patch if it's not to difficult to
> backport.

I see - I will try doing that.

Thanks Shlomi!  I guess this is ready for QA.

Advisory:
========================

Updated audit packages fix security vulnerability:

When auditing the filesystem the names of files are logged. These filenames
can contain escape sequences, when viewed using the ausearch programs "-i"
option for example this can result in the escape sequences being processed
unsafely by the terminal program being used to view the data (CVE-2015-5186).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186
http://openwall.com/lists/oss-security/2015/08/13/9
========================

Updated packages in core/updates_testing:
========================
audit-2.3.2-2.5.mga4
libaudit1-2.3.2-2.5.mga4
libaudit-devel-2.3.2-2.5.mga4
libauparse0-2.3.2-2.5.mga4
libauparse-devel-2.3.2-2.5.mga4
python-audit-2.3.2-2.5.mga4
audispd-plugins-2.3.2-2.5.mga4
audit-2.4.4-1.mga5
libaudit1-2.4.4-1.mga5
libaudit-devel-2.4.4-1.mga5
libauparse0-2.4.4-1.mga5
libauparse-devel-2.4.4-1.mga5
python-audit-2.4.4-1.mga5
audispd-plugins-2.4.4-1.mga5

from SRPMS:
audit-2.3.2-2.5.mga4.src.rpm
audit-2.4.4-1.mga5.src.rpm

CC: (none) => shlomif
Assignee: shlomif => qa-bugs

Fedora has issued an advisory for this on August 14:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164243.html

URL: (none) => http://lwn.net/Vulnerabilities/655000/

MGA5-64 on HP Probook 6555b KDE.
No installation issues.
auditd service is running.
I tried to test it by adding the line:
-w /home/tester5/test -k TEST
to both audit.rules files (in /etc/audit and /etc/audit/rules.d, not knowing which of the  two applies), but I get no logging when creating/editing a file in the target map.

CC: (none) => herman.viaene

In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
audit libaudit1

default install of audit & libaudit1

[root@localhost wilcal]# urpmi audit
Package audit-2.3.2-2.4.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libaudit1
Package libaudit1-2.3.2-2.4.mga4.i586 is already installed

auditd is running in MCC -> Systems -> Manage systems services

Packages installed cleanly.

(In reply to Herman Viaene from comment #6)
> I tried to test it by adding the line:
> -w /home/tester5/test -k TEST
> to both audit.rules files (in /etc/audit and /etc/audit/rules.d, not knowing
> which of the  two applies), but I get no logging when creating/editing a
> file in the target map.

Share more info here. Do I have to create something here:
-w /home/tester5/test -k TEST

> to both audit.rules files (in /etc/audit and /etc/audit/rules.d
I could not fine either of these files in the test system

> which of the two applies), but I get no logging when creating/editing a
> file in the target map.

How do you demonstrate that it is logging and what is a "target map".

CC: (none) => wilcal.int

(In reply to Herman Viaene from comment #6)
> MGA5-64 on HP Probook 6555b KDE.
> No installation issues.
> auditd service is running.
> I tried to test it by adding the line:
> -w /home/tester5/test -k TEST
> to both audit.rules files (in /etc/audit and /etc/audit/rules.d, not knowing
> which of the  two applies), but I get no logging when creating/editing a
> file in the target map.

Did you try either running "auditctl -R /etc/audit/audit.rules" or "systemctl restart auditd.service" after adding that line?

(In reply to David Walser from comment #8)

> Did you try either running "auditctl -R /etc/audit/audit.rules" or
> "systemctl restart auditd.service" after adding that line?

Did the restart in MMC. Will fire up the test computer again later today.
Just trying to find something simple to prove this is installed and working.
Thanks David.

To answer all questions above:
No, I did not run "systemctl restart auditd.service", well I tried it but this does not work. Instead I rebooted the PC completely.
I found info to test on http://www.golinuxhub.com/2013/05/using-audit-in-linux-to-track-system.html
Running "auditctl -R /etc/audit/audit.rules" now gives at the end:
Error sending add rule data request (Invalid argument)
There was an error in line 14 of /etc/audit/audit.rules
That is the line I added. I checked the man page, but I don't see the problem.

(In reply to Herman Viaene from comment #10)
> To answer all questions above:
> No, I did not run "systemctl restart auditd.service", well I tried it but
> this does not work. Instead I rebooted the PC completely.
> I found info to test on
> http://www.golinuxhub.com/2013/05/using-audit-in-linux-to-track-system.html
> Running "auditctl -R /etc/audit/audit.rules" now gives at the end:
> Error sending add rule data request (Invalid argument)
> There was an error in line 14 of /etc/audit/audit.rules
> That is the line I added. I checked the man page, but I don't see the
> problem.

It looks like the "permission" part is missing.  Try:
-w /home/tester5/test -p w -k TEST

or:
-w /home/tester5/test -p a -k TEST

In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
audit libaudit1 libauparse0 python-audit

default install of audit libaudit1 libauparse0 & python-audit

[root@localhost wilcal]# urpmi audit
Package audit-2.3.2-2.4.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libaudit1
Package libaudit1-2.3.2-2.4.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libauparse0
Package libauparse0-2.3.2-2.4.mga4.i586 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.3.2-2.4.mga4.i586 is already installed

packages install without error

install audit libaudit1 libauparse0 & python-audit from updates_testing

[root@localhost wilcal]# urpmi audit
Package audit-2.3.2-2.5.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libaudit1
Package libaudit1-2.3.2-2.5.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libauparse0
Package libauparse0-2.3.2-2.5.mga4.i586 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.3.2-2.5.mga4.i586 is already installed

packages update without error

Whiteboard: MGA4TOO => MGA4TOO MGA4-32-OK

In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
audit lib64audit1 lib64auparse0 python-audit

default install of audit lib64audit1 lib64auparse0 & python-audit

[root@localhost wilcal]# urpmi audit
Package audit-2.3.2-2.4.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64audit1
Package lib64audit1-2.3.2-2.4.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64auparse0
Package lib64auparse0-2.3.2-2.4.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.3.2-2.4.mga4.x86_64 is already installed

packages install without error

install audit lib64audit1 lib64auparse0 & python-audit from updates_testing

[root@localhost wilcal]# urpmi audit
Package audit-2.3.2-2.5.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64audit1
Package lib64audit1-2.3.2-2.5.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64auparse0
Package lib64auparse0-2.3.2-2.5.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.3.2-2.5.mga4.x86_64 is already installed

packages update without error

In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
audit libaudit1 libauparse0 python-audit

default install of audit libaudit1 libauparse0 & python-audit

[root@localhost wilcal]# urpmi audit
Package audit-2.4.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libaudit1
Package libaudit1-2.4.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libauparse0
Package libauparse0-2.4.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.4.1-1.mga5.i586 is already installed

packages install without error

install audit libaudit1 libauparse0 & python-audit from updates_testing

[root@localhost wilcal]# urpmi audit
Package audit-2.4.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libaudit1
Package libaudit1-2.4.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libauparse0
Package libauparse0-2.4.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.4.4-1.mga5.i586 is already installed

packages update without error

Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK

In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
audit lib64audit1 lib64auparse0 python-audit

default install of audit lib64audit1 lib64auparse0 & python-audit

[root@localhost wilcal]# urpmi audit
Package audit-2.4.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64audit1
Package lib64audit1-2.4.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64auparse0
Package lib64auparse0-2.4.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.4.1-1.mga5.x86_64 is already installed

packages install without error

install audit lib64audit1 lib64auparse0 & python-audit from updates_testing

[root@localhost wilcal]# urpmi audit
Package audit-2.4.4-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64audit1
Package lib64audit1-2.4.4-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64auparse0
Package lib64auparse0-2.4.4-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi python-audit
Package python-audit-2.4.4-1.mga5.x86_64 is already installed

packages update without error

This update updates cleanly works fine.
Testing complete for MGA4 & MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Advisory uploaded.

Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK advisory

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0333.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED