OpenSuSE has issued an advisory today (November 4):
http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html

The OpenSuSE bug has PoC information:
https://bugzilla.suse.com/show_bug.cgi?id=949754

Patched package uploaded for Mageia 5.

Advisory:
========================

Updated util-linux packages fix security vulnerability:

A buffer overflow in the colcrt command in util-linux can lead to a crash when given a large input (CVE-2015-5218).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5218
http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html
========================

Updated packages in core/updates_testing:
========================
util-linux-2.25.2-3.2.mga5
libblkid1-2.25.2-3.2.mga5
libblkid-devel-2.25.2-3.2.mga5
libuuid1-2.25.2-3.2.mga5
libuuid-devel-2.25.2-3.2.mga5
uuidd-2.25.2-3.2.mga5
python-libmount-2.25.2-3.2.mga5
libmount1-2.25.2-3.2.mga5
libmount-devel-2.25.2-3.2.mga5
libsmartcols1-2.25.2-3.2.mga5
libsmartcols-devel-2.25.2-3.2.mga5

from util-linux-2.25.2-3.2.mga5.src.rpm

Reproducible:

Steps to Reproduce:
Created attachment 7183
Test file for colcrt
CC: (none) => tarazed25
4.1.12-desktop-1.mga5 x86_64

Downloaded the test file from the PoC link provided.

$ colcrt binZ8dhbQ3bFM.bin
Segmentation fault

Updated to the packages listed above, leaving out the development packages.
Ran the same command - no seg fault.

Adding the 64-bit OK.
Whiteboard: (none) => has_procedure MGA5-64-OK
Switched to 32-bit architecture on a VM.
4.1.12-desktop-1.mga5

Tried the PoC as before and received a segfault.
Updated the seven packages (left out devel packages).
No segfault for the same test.

Ran it again under strace to see what was going on and it all looked above board. The last few lines indicate a successful read on file id 3 which returned the size of the file in bytes and then a normal close.

read(3, "_\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\27\0\20\27\27\27\27\27\27"..., 4096) = 314
close(3) = 0

Good for 32-bits.
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure MGA5-64-OK MGA5-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0434.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED