Bug 17179 - python-m2crypto new buffer overflow security issue
Summary: python-m2crypto new buffer overflow security issue
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/665047/
Whiteboard: has_procedure advisory MGA5-64-OK MGA...
Keywords: validated_update
Depends on:
Reported: 2015-11-19 18:14 CET by David Walser
Modified: 2015-11-26 21:48 CET

See Also:
Source RPM: python-m2crypto-0.22.3-5.mga5.src.rpm
Status comment:


Description David Walser 2015-11-19 18:14:42 CET
Fedora has issued an advisory today (November 19):

Note that the URL in the package also needs to be updated (see Fedora).

Mageia 5 is also affected.


Steps to Reproduce:
David Walser 2015-11-19 18:14:50 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Philippe Makowski 2015-11-20 15:31:27 CET
updated to python-m2crypto-0.22.5 and patched in Cauldron mga6 and in mga5

In 5/core/update_testing :


from : python-m2crypto-0.22.5-1.mga5.src

In 6/core/release :


from : python-m2crypto-0.22.5-1.mga6.src

Assignee: makowski.mageia => security

Comment 2 David Walser 2015-11-20 15:53:26 CET

Updated python-m2crypto package fixes security vulnerability:

A bug was found in the pbkdf2 function of the m2crypto package, such that when
given a 74 byte result, a buffer overflow occurs, leading to a crash of the
application (rhbz#1271165).


Version: Cauldron => 5
Assignee: security => qa-bugs
Whiteboard: MGA5TOO => (none)

Dave Hodgins 2015-11-20 19:29:17 CET

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Len Lawrence 2015-11-22 01:33:59 CET
mga5  x86_64  Mate

$ sudo urpmi python-m2crypto
Package python-m2crypto-0.22.3-5.mga5.x86_64 is already installed

Ran the interactive python test as described in the reference URL:

$ python
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
*** stack smashing detected ***: python terminated
======= Backtrace: =========
7fc15d262000-7fc15d461000 ---p 0001a000 08:03 27263891                   /usr/lib64/libz.so.1.2.8
Abort

Updated to python-m2crypto-0.22.5-1 and ran the test again

$ python
Python 2.7.9 (default, Dec 14 2014, 10:12:16) 
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
>>> exit()

Assuming that this is an expected result, 64-bit OK.

CC: (none) => tarazed25

Len Lawrence 2015-11-22 01:34:45 CET

Whiteboard: advisory => has_procedure advisory MGA5-64-OK

Comment 4 Len Lawrence 2015-11-22 01:49:56 CET
mga5  i586 in vbox  Mate

$ sudo urpmi python-m2crypto
installing python-m2crypto-0.22.3-5.mga5.i586.rpm from /var/cache/urpmi/rpms   

$ python
>>> import M2Crypto
>>> M2Crypto.EVP.pbkdf2('foo', 'abc', 1, 74)
*** stack smashing detected ***: python terminated
Backtrace then the abort message.

After update:
Ran the test as above and it returned precisely the same encryption information as in the 64-bit test.
Len Lawrence 2015-11-22 01:50:43 CET

Whiteboard: has_procedure advisory MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
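
A regression check for the procedure in comments 3 and 4, added here as an example and not part of the bug report or of M2Crypto: it runs the reproducer in a child process, so a stack-protector abort is reported rather than killing the checker, and compares the 74-byte result with an independent PBKDF2-HMAC-SHA1 computation. It assumes Python 3 with bytes arguments and that M2Crypto.EVP.pbkdf2 implements PBKDF2 with HMAC-SHA1; the function and constant names are illustrative.

```python
import hashlib
import hmac
import struct
import subprocess
import sys

# Inputs of the reproducer quoted in the comments above (bytes, for Python 3).
PASSWORD, SALT, ITERATIONS, KEYLEN = b"foo", b"abc", 1, 74

def reference_pbkdf2_sha1(password, salt, iterations, keylen):
    """RFC 2898 PBKDF2 with HMAC-SHA1, independent of OpenSSL and M2Crypto."""
    out, block = b"", 1
    while len(out) < keylen:  # 74 bytes need four 20-byte SHA-1 blocks
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = u
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out, block = out + t, block + 1
    return out[:keylen]

# Child program: the reproducer itself, printing the derived key as hex.
# Assumption: the installed M2Crypto returns bytes (Python 3 builds).
CHILD = ("import sys, M2Crypto\n"
         "sys.stdout.write(M2Crypto.EVP.pbkdf2(%r, %r, %d, %d).hex())\n")

def check_installed_m2crypto(python=sys.executable):
    """Return 'ok', 'wrong-output', 'crashed', 'not-installed' or 'error'."""
    code = CHILD % (PASSWORD, SALT, ITERATIONS, KEYLEN)
    proc = subprocess.run([python, "-c", code], capture_output=True,
                          text=True, errors="replace")
    if proc.returncode < 0:  # killed by a signal, e.g. SIGABRT from the stack protector
        return "crashed"
    if proc.returncode != 0:
        missing = "ModuleNotFoundError" in proc.stderr or "ImportError" in proc.stderr
        return "not-installed" if missing else "error"
    expected = reference_pbkdf2_sha1(PASSWORD, SALT, ITERATIONS, KEYLEN).hex()
    return "ok" if proc.stdout.strip() == expected else "wrong-output"

if __name__ == "__main__":
    print(check_installed_m2crypto())
```

A result of 'ok' shows that the updated package neither aborts nor returns a truncated or corrupted key for the 74-byte request, which the interactive test alone does not establish.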

Len Lawrence 2015-11-22 17:56:04 CET

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 claire robinson 2015-11-23 10:56:24 CET
Well done Len
Comment 6 Mageia Robot 2015-11-26 21:48:32 CET
An update for this issue has been pushed to Mageia Updates repository.


Resolution: (none) => FIXED
