Ubuntu has issued an advisory today (June 21): https://www.ubuntu.com/usn/usn-3337-1/ Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
CC: (none) => marja11
Assignee: bugsquad => thierry.vignaud
Note that CVE-2016-2226 is already fixed in the version in Cauldron.
The Ubuntu patch for 3.12.0 only references CVE-2016-4491, but apparently it fixes all of the remaining issues. I've checked it into SVN and requested a freeze push.
valgrind-3.12.0-5.mga6 uploaded for Cauldron, presumably fixing this.
Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated valgrind packages fix security vulnerabilities:

It was discovered that Valgrind incorrectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code (CVE-2016-2226).

It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
https://www.ubuntu.com/usn/usn-3337-1/
========================

Updated packages in core/updates_testing:
========================
valgrind-3.10.1-2.1.mga5
valgrind-devel-3.10.1-2.1.mga5
valgrind-openmpi-3.10.1-2.1.mga5

from valgrind-3.10.1-2.1.mga5.src.rpm
CC: (none) => thierry.vignaud
Assignee: thierry.vignaud => qa-bugs
MGA5-32 on Asus A6000VM Xfce
No installation issues
Found test in http://valgrind.org/docs/manual/quick-start.html (test file will be uploaded), compiled and at CLI:

$ valgrind --leak-check=yes /home/tester5/Documenten/valgrindtest
==7637== Memcheck, a memory error detector
==7637== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7637== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==7637== Command: /home/tester5/Documenten/valgrindtest
==7637==
==7637== Invalid write of size 4
==7637== at 0x8048437: f (in /home/tester5/Documenten/valgrindtest)
==7637== by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637== Address 0x4222050 is 0 bytes after a block of size 40 alloc'd
==7637== at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637== by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637== by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==
==7637==
==7637== HEAP SUMMARY:
==7637== in use at exit: 40 bytes in 1 blocks
==7637== total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==7637==
==7637== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==7637== at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637== by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637== by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==
==7637== LEAK SUMMARY:
==7637== definitely lost: 40 bytes in 1 blocks
==7637== indirectly lost: 0 bytes in 0 blocks
==7637== possibly lost: 0 bytes in 0 blocks
==7637== still reachable: 0 bytes in 0 blocks
==7637== suppressed: 0 bytes in 0 blocks
==7637==
==7637== For counts of detected and suppressed errors, rerun with: -v
==7637== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene
Created attachment 9504
file to compile and run valgrind to the executable
CC: (none) => lewyssmith
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory
Installed and tested using test binary without issues. Tested with other binaries and IDEs, again without issue.

System: x86_64, Plasma, nVidia (proprietary driver)

$ uname -a
Linux marte 4.4.78-desktop-1.mga5 #1 SMP Mon Jul 24 20:49:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -q valgrind
valgrind-3.10.1-2.1.mga5

$ valgrind --leak-check=yes ./valgrindtest
==1582== Memcheck, a memory error detector
==1582== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1582== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==1582== Command: ./valgrindtest
==1582==
==1582== Invalid write of size 4
==1582== at 0x400646: f (in /tmp/pedro/valgrindtest)
==1582== by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582== Address 0x51e8068 is 0 bytes after a block of size 40 alloc'd
==1582== at 0x4C27F7F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1582== by 0x400639: f (in /tmp/pedro/valgrindtest)
==1582== by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582==
==1582==
==1582== HEAP SUMMARY:
==1582== in use at exit: 40 bytes in 1 blocks
==1582== total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==1582==
==1582== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1582== at 0x4C27F7F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1582== by 0x400639: f (in /tmp/pedro/valgrindtest)
==1582== by 0x400656: main (in /tmp/pedro/valgrindtest)
==1582==
==1582== LEAK SUMMARY:
==1582== definitely lost: 40 bytes in 1 blocks
==1582== indirectly lost: 0 bytes in 0 blocks
==1582== possibly lost: 0 bytes in 0 blocks
==1582== still reachable: 0 bytes in 0 blocks
==1582== suppressed: 0 bytes in 0 blocks
==1582==
==1582== For counts of detected and suppressed errors, rerun with: -v
==1582== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Whiteboard: MGA5-32-OK advisory => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => mageia
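Added example, not part of the original thread or the testers' own tooling: a Python check that parses Memcheck output like the two logs above and confirms the quick-start test binary still yields the expected findings after the update. It also flags a log with no ERROR SUMMARY line, which is what a crash of Valgrind itself would leave behind. The function names and the abbreviated sample log are constructed for illustration.

```python
import re

# Constructed sample: abbreviated from the x86_64 Memcheck log quoted in the thread.
SAMPLE = """\
==1582== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==1582== Command: ./valgrindtest
==1582==
==1582== Invalid write of size 4
==1582== at 0x400646: f (in /tmp/pedro/valgrindtest)
==1582== LEAK SUMMARY:
==1582== definitely lost: 40 bytes in 1 blocks
==1582== indirectly lost: 0 bytes in 0 blocks
==1582== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")  # Valgrind tags its own lines with ==PID==
NUM = r"([\d,]+)"                          # counts may carry thousands separators

def to_int(s):
    return int(s.replace(",", ""))

def parse_memcheck(text):
    """Extract version, invalid accesses, leak totals and the error count."""
    rep = {"version": None, "invalid": [], "lost": {}, "errors": None}
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # output of the program under test, not of Valgrind
        line = m.group(1).strip()
        if (v := re.match(r"Using Valgrind-([\d.]+)", line)):
            rep["version"] = v.group(1)
        elif (a := re.match(r"Invalid (read|write) of size (\d+)", line)):
            rep["invalid"].append((a.group(1), int(a.group(2))))
        elif (k := re.match(rf"(\w+) lost: {NUM} bytes in {NUM} blocks", line)):
            rep["lost"][k.group(1)] = to_int(k.group(2))
        elif (e := re.match(rf"ERROR SUMMARY: {NUM} errors from {NUM} contexts", line)):
            rep["errors"] = to_int(e.group(1))
    return rep

def smoke_test_failures(text, version):
    """List the reasons a log differs from the quick-start result seen in the thread."""
    rep, bad = parse_memcheck(text), []
    if rep["errors"] is None:
        return ["no ERROR SUMMARY: Valgrind did not finish (crash or truncated log)"]
    if rep["version"] != version:
        bad.append(f"unexpected Valgrind version {rep['version']}")
    if rep["invalid"] != [("write", 4)]:
        bad.append(f"expected one invalid write of size 4, got {rep['invalid']}")
    if rep["lost"].get("definitely") != 40:
        bad.append("expected 40 bytes definitely lost")
    if rep["errors"] != 2:
        bad.append(f"expected 2 errors, got {rep['errors']}")
    return bad
```

An empty list from `smoke_test_failures(log_text, "3.10.1")` means the log matches what both testers reported.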
Thank you Herman & PC_LX for the tests. Validating, already advisoried.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0222.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED