Upstream has issued an advisory today (April 18):
http://openwall.com/lists/oss-security/2017/04/18/5

The issue is fixed in 2.7.1. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
CC: (none) => mageia
pushed in updates_testing src.rpm: minicom-2.7.1-1.mga5
Assignee: cooker => qa-bugs
Advisory:
========================

Updated minicom package fixes security vulnerability:

In minicom before version 2.7.1, the escparms[] buffer in vt100.c is vulnerable to an overflow that may allow for remote code execution (CVE-2017-7467).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7467
http://openwall.com/lists/oss-security/2017/04/18/5
========================

Updated packages in core/updates_testing:
========================
minicom-2.7.1-1.mga5

from minicom-2.7.1-1.mga5.src.rpm
Whiteboard: (none) => advisory
CC: (none) => davidwhodgins
Tested on 64bit Mag 5, using FTDI link to Cubibox I4, seems to work:-
======================================================================
[derij@pip ~]$ minicom
Welcome to minicom 2.7.1
OPTIONS: I18n
Compiled on Apr 22 2017, 19:35:58.
Port /dev/ttyUSB0
Press CTRL-A Z for help on special keys
Debian GNU/Linux stretch/sid ws ttymxc0
ws login:
Debian GNU/Linux stretch/sid ws ttymxc0
ws login: root
Password:
Last login: Sat Mar 11 20:51:22 GMT 2017 on ttymxc0
Linux ws 3.14.14-cubox-i #2 SMP Wed Mar 11 13:01:02 CET 2015 armv7l
____ _ _ ____ __ __ ___ _ _
/ ___| _| |__ _____ __ (_)___ \ ___\ \/ / / (_) || |
| | | | | | '_ \ / _ \ \/ / | | __) / _ \\ / / /| | || |_
| |__| |_| | |_) | (_) > < | |/ __/ __// \ / / | |__ _|
\____\__,_|_.__/ \___/_/\_\ |_|_____\___/_/\_\/_/ |_| |_|
Welcome to ARMBIAN Debian GNU/Linux stretch/sid 3.14.14-cubox-i
System load: 0.11 Up time: 23 days
Memory usage: 18 % of 2015Mb Swap usage: 13 % of 512Mb IP: 192.168.0.251
HDD temp: 37°C Usage of /: 54% of 7.4G
[ 4 updates to install: apt-get upgrade ]
Load: 0.26, 0.09, 0.06 - Drive: 37°C - Memory: 1649Mb
===================================================================
CC: (none) => deri
Tested on i586, connecting to a Cisco device. All Ok.
Status: NEW => ASSIGNED
CC: (none) => lists.jjorge
Whiteboard: advisory => advisory MGA5-64-OK MGA5-32-OK
Thanks for the testing. Validating the update.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0128.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED