Fedora has issued an advisory on January 22:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JR5R2FSPYCLDAHTXQC2LKY74N5YW2PQQ/

However, both upstream and RedHat have concluded that this is not a security issue in libnl3 itself.

Patched package uploaded for Cauldron. Patch checked into Mageia 5 SVN.

If we have any reason to update this package in the future, the fix will be included.
(In reply to David Walser from comment #0)
> Fedora has issued an advisory on January 22:
> https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JR5R2FSPYCLDAHTXQC2LKY74N5YW2PQQ/
>
> However, both upstream and RedHat have concluded that this is not a security
> issue in libnl3 itself.
>
> Patched package uploaded for Cauldron. Patch checked into Mageia 5 SVN.
>
> If we have any reason to update this package in the future, the fix will be
> included.

Assigning to the registered libnl3 maintainer, even if no action is needed now.
CC: (none) => marja11
Assignee: bugsquad => tmb
Fedora has issued an advisory today (April 22) for a similar issue:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated libnl3 packages fix security vulnerabilities:

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process (CVE-2017-0386).

An integer overflow vulnerability was found in nlmsg_reserve() triggered by crafted @len argument resulting in reserving too few bytes (CVE-2017-0553).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JR5R2FSPYCLDAHTXQC2LKY74N5YW2PQQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/
========================

Updated packages in core/updates_testing:
========================
libnl3_200-3.2.25-3.1.mga5
libnl-cli3_200-3.2.25-3.1.mga5
libnl-route3_200-3.2.25-3.1.mga5
libnl-genl3_200-3.2.25-3.1.mga5
libnl-nf3_200-3.2.25-3.1.mga5
libnl-idiag3_200-3.2.25-3.1.mga5
libnl3-devel-3.2.25-3.1.mga5
libnl3-config-3.2.25-3.1.mga5
libnl3-tools-3.2.25-3.1.mga5

from libnl3-3.2.25-3.1.mga5.src.rpm
Summary: libnl3 new bug CVE-2017-0386 => libnl3 new security issues CVE-2017-0386 and CVE-2017-0553
Assignee: tmb => qa-bugs
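The bug class named in the CVE-2017-0553 description above (a length argument whose arithmetic wraps, so fewer bytes are reserved than requested), shown as an added illustration that is not libnl's code and not part of the original comment. The buffer model and the names `msg_buf`, `align_up`, `reserve_unchecked` and `reserve_checked` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model of a message buffer; hypothetical, not libnl's struct. */
struct msg_buf {
    unsigned char data[256]; /* backing storage */
    size_t size;             /* capacity of data[] */
    size_t used;             /* bytes already reserved (used <= size) */
};

/* Round len up to a multiple of pad (a power of two, or 0 for no padding).
 * For len close to SIZE_MAX the addition wraps and yields a tiny value. */
static size_t align_up(size_t len, size_t pad)
{
    return pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
}

/* Unchecked variant: the capacity test only sees the wrapped value, so a
 * huge len passes it. Returns the bytes actually reserved, or (size_t)-1
 * when the request is refused. */
size_t reserve_unchecked(struct msg_buf *m, size_t len, size_t pad)
{
    size_t tlen = align_up(len, pad);
    if (tlen + m->used > m->size)
        return (size_t)-1;
    m->used += tlen;
    return tlen;
}

/* Checked variant: compare len against the remaining room before any
 * arithmetic on it, then re-check once padding has been applied. */
size_t reserve_checked(struct msg_buf *m, size_t len, size_t pad)
{
    size_t room = m->size - m->used;
    if (len > room)
        return (size_t)-1;
    size_t tlen = align_up(len, pad);
    if (tlen > room)
        return (size_t)-1;
    m->used += tlen;
    return tlen;
}
```

With 16 bytes already used and a request of `SIZE_MAX - 1` bytes at 4-byte padding, the unchecked variant reports success while reserving 0 bytes; the checked variant refuses the request.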
These libraries provide a netlink protocol API between applications and the kernel.

As far as PoCs are concerned there is no useful information for QA in the bug links so the best we can do is look at applications dependent on libnl. There is a tools package which populates /sbin with nl-* files and documentation for these is accessed via the --help option.

Some applications which use the libraries are:
aircrack-ng : complete suite of tools to assess WiFi network security
crda : udev helper for regulatory compliance
hostapd : turn your network card into a wifi access point
iw : configuration utility for wireless devices
keepalived : routing software
kismet : packet sniffer, etc.
knemo : network monitor
networkmanager
ntrack : track network online status changes
powertop : tool to diagnose issues with power consumption and management
python-ethtool : display or change ethernet settings
sssd : security services daemon
wireshark
wpa_supplicant : wireless access management
CC: (none) => tarazed25
x86_64 on real hardware.

Updated the packages and used wireshark for functionality test. Added user to wireshark group.

Ran wireshark under strace; chose IPv4 capture filter for ethernet interface and set it running without any packet limit. Not familiar with network language but recognized addresses on the LAN, references to router and dropbox. Clicked on a packet to examine it in a separate window - the information looked as if it made sense. Stopped it manually. Goto packet highlighted the entry and allowed examination in popup window. Saved the frame as a pcap file. Closed wireshark and restarted it to load the capture file. Looked at it frame by frame. All good.

Checked the strace file:
$ cat wire.trace | grep libnl
open("/usr/lib64/libnl-route-3.so.200", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libnl-genl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libnl-3.so.200", O_RDONLY|O_CLOEXEC) = 3
stat("/etc/libnl/classid", {st_mode=S_IFREG|0644, st_size=1130, ...}) = 0
open("/etc/libnl/classid", O_RDONLY) = 3

That confirms that the updated libraries are in use.

Ran iw to see how it looked and noted that it has an option for netlink debugging.

Giving this an OK. Not going to try vbox (i586).
Whiteboard: (none) => MGA5-64-OK
CC: (none) => davidwhodgins
Component: RPM Packages => Security
QA Contact: (none) => security
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
Similar testing on i586 under vb. Validating the update.
Whiteboard: MGA5-64-OK advisory => MGA5-64-OK advisory MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0158.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED