Bug 17179 - python-m2crypto new buffer overflow security issue
Summary: python-m2crypto new buffer overflow security issue
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/665047/
Whiteboard: has_procedure advisory MGA5-64-OK MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-11-19 18:14 CET by David Walser
Modified: 2015-11-26 21:48 CET

See Also:
Source RPM: python-m2crypto-0.22.3-5.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2015-11-19 18:14:42 CET
Fedora has issued an advisory today (November 19):
https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172083.html

Note that the URL in the package also needs to be updated (see Fedora).

Mageia 5 is also affected.

David Walser 2015-11-19 18:14:50 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Philippe Makowski 2015-11-20 15:31:27 CET
updated to python-m2crypto-0.22.5 and patched in Cauldron mga6 and in mga5

In 5/core/update_testing :

python-m2crypto-0.22.5-1.mga5.i586
python-m2crypto-0.22.5-1.mga5.x86_64 

from : python-m2crypto-0.22.5-1.mga5.src

In 6/core/release :

python-m2crypto-0.22.5-1.mga6.i586
python-m2crypto-0.22.5-1.mga6.x86_64 

from : python-m2crypto-0.22.5-1.mga6.src

Assignee: makowski.mageia => security

Comment 2 David Walser 2015-11-20 15:53:26 CET
Advisory:
========================

Updated python-m2crypto package fixes security vulnerability:

A bug was found in the pbkdf2 function of the m2crypto package, such that when given
a 74 byte result, a buffer overflow occurs leading to a crash of the
application (rhbz#1271165).

References:
https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172083.html

Version: Cauldron => 5
Assignee: security => qa-bugs
Whiteboard: MGA5TOO => (none)

Dave Hodgins 2015-11-20 19:29:17 CET

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Len Lawrence 2015-11-22 01:33:59 CET
mga5  x86_64  Mate

$ sudo urpmi python-m2crypto
Package python-m2crypto-0.22.3-5.mga5.x86_64 is already installed

Ran the interactive python test as described in the reference URL:

$ python
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
*** stack smashing detected ***: python terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x7241e)[0x7fc15f32441e]
.....
7fc15d262000-7fc15d461000 ---p 0001a000 08:03 27263891                   /usr/lib64/libz.so.1.2.8Abort

Updated to python-m2crypto-0.22.5-1 and ran the test again

$ python
Python 2.7.9 (default, Dec 14 2014, 10:12:16) 
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
'2n\x13\xdd\xab\xb1N\xbc\xc0\xb3\x16\x85\xb1_(#\x02\xe6\x92L\xf6\xb6\xf8<\x80\xb7v\xc8\xec\x83tZ\xfd4\x9f\r\xea>?\x1d\xbb\x9b\xe3\xe1"\xc9W\x9e\x80\xdc\x0e\x16t\x06\x8e\x86~q\x82\xd2,\xaaa\xb1\x06+4k\x1dg\xf7CXF'
>>> exit()

Assuming that this is an expected result, 64-bit OK.

CC: (none) => tarazed25

Len Lawrence 2015-11-22 01:34:45 CET

Whiteboard: advisory => has_procedure advisory MGA5-64-OK

Comment 4 Len Lawrence 2015-11-22 01:49:56 CET
mga5  i586 in vbox  Mate

$ sudo urpmi python-m2crypto
installing python-m2crypto-0.22.3-5.mga5.i586.rpm from /var/cache/urpmi/rpms   

$ python
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
*** stack smashing detected ***: python terminated
Backtrace then the abort message.

After update:
Ran the test as above and it returned precisely the same encryption information as in the 64-bit test.

Len Lawrence 2015-11-22 01:50:43 CET

Whiteboard: has_procedure advisory MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
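
Added example, not part of the original thread or of the M2Crypto project: a Python 3 check that runs the call from Comments 3 and 4 in a child interpreter, so a crash is reported instead of killing the checker, and compares the returned key with an independent PBKDF2-HMAC-SHA1 computation. It assumes `EVP.pbkdf2` implements PBKDF2-HMAC-SHA1 and accepts bytes arguments under Python 3; `reference_key`, `classify` and `probe` are names introduced here.

```python
import hashlib
import hmac
import subprocess
import sys

# Parameters of the call shown in the thread (Python 3 bytes form).
PASSWORD, SALT, ITERATIONS, DKLEN = b"foo", b"abc", 1, 74

# Runs in a child interpreter, so an abort such as "stack smashing detected"
# ends the child only and is reported as a result.
CHILD = (
    "import sys\n"
    "from M2Crypto import EVP\n"
    "sys.stdout.buffer.write(EVP.pbkdf2(%r, %r, %d, %d))\n"
    % (PASSWORD, SALT, ITERATIONS, DKLEN)
)


def reference_key(password, salt, iterations, dklen):
    """PBKDF2-HMAC-SHA1 written out from the RFC 2898 definition."""
    out = b""
    block = 1
    while len(out) < dklen:  # 74 bytes needs four 20-byte SHA-1 blocks
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen]


def classify(returncode, stdout, expected):
    """Turn the child's exit status and output into a QA verdict."""
    if returncode < 0:  # killed by a signal, e.g. -6 for SIGABRT
        return "CRASHED"
    if returncode != 0:  # import error or other exception: nothing was tested
        return "NOT_RUN"
    return "OK" if hmac.compare_digest(stdout, expected) else "MISMATCH"


def probe(python=sys.executable):
    """Run the thread's call against the installed M2Crypto and judge the result."""
    proc = subprocess.run([python, "-c", CHILD],
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    return classify(proc.returncode, proc.stdout,
                    reference_key(PASSWORD, SALT, ITERATIONS, DKLEN))


if __name__ == "__main__":
    print(probe())
```

`NOT_RUN` means the child could not import or call M2Crypto, so that verdict says nothing about the installed package.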

Len Lawrence 2015-11-22 17:56:04 CET

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 claire robinson 2015-11-23 10:56:24 CET
Well done Len

Comment 6 Mageia Robot 2015-11-26 21:48:32 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0458.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
