A CVE has been requested for an issue fixed upstream in conntrack-tools:
http://openwall.com/lists/oss-security/2015/08/14/4

The upstream bug and commit to fix the issue are linked in the message above.

Mageia 4 and Mageia 5 are also affected.
Whiteboard: (none) => MGA5TOO, MGA4TOO
CVE-2015-6496 has been assigned: http://openwall.com/lists/oss-security/2015/08/18/1
Summary: conntrack-tools new DoS security issue => conntrack-tools new DoS security issue (CVE-2015-6496)
Debian has issued an advisory for this today (August 20): https://www.debian.org/security/2015/dsa-3341
URL: (none) => http://lwn.net/Vulnerabilities/655115/
Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
========================

Updated conntrack-tools packages fix security vulnerability:

It was discovered that in certain configurations, if the relevant conntrack kernel module is not loaded, conntrackd will crash when handling DCCP, SCTP or ICMPv6 packets (CVE-2015-6496).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6496
https://www.debian.org/security/2015/dsa-3341
========================

Updated packages in core/updates_testing:
========================
conntrack-tools-1.4.2-2.1.mga4
conntrack-tools-1.4.2-6.1.mga5

from SRPMS:
conntrack-tools-1.4.2-2.1.mga4.src.rpm
conntrack-tools-1.4.2-6.1.mga5.src.rpm
CC: (none) => mageia
Version: Cauldron => 5
Assignee: mageia => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => MGA4TOO
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
conntrack-tools

default conntrack-tools of conntrack-tools
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-2.mga4.i586 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )

install conntrack-tools from updates_testing
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-2.1.mga4.i586 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )
CC: (none) => wilcal.int
Whiteboard: MGA4TOO => MGA4TOO MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
conntrack-tools

default conntrack-tools of conntrack-tools
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-2.mga4.x86_64 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )

install conntrack-tools from updates_testing
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-2.1.mga4.x86_64 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )
Whiteboard: MGA4TOO MGA4-32-OK => MGA4TOO MGA4-32-OK MGA4-64-OK
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
conntrack-tools

default conntrack-tools of conntrack-tools
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-6.mga5.i586 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )

install conntrack-tools from updates_testing
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-6.1.mga5.i586 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
conntrack-tools

default conntrack-tools of conntrack-tools
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-6.mga5.x86_64 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )

install conntrack-tools from updates_testing
[root@localhost wilcal]# urpmi conntrack-tools
Package conntrack-tools-1.4.2-6.1.mga5.x86_64 is already installed
[root@localhost wilcal]# conntrack -S
( status responding )
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK => MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
This update works fine.
conntrack-tools installs cleanly, responds with its status, updates cleanly then responds again with its status. I don't wanna become an expert on how this works. Sooo..

Testing complete for MGA4 & MGA5, 32-bit & 64-bit

Validating the update.
Could someone from the sysadmin team push to updates.
Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA4TOO MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0363.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED