Bug 21126 - valgrind new security issues CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131
Summary: valgrind new security issues CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE...
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All
OS: Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-32-OK advisory
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-22 00:17 CEST by David Walser
Modified: 2017-07-20 20:52 CEST
CC: 4 users

See Also:
Source RPM: valgrind-3.12.0-4.mga6.src.rpm
CVE:
Status comment:


Attachments
file to compile and run valgrind to the executable (251 bytes, text/plain)
2017-07-18 15:10 CEST, Herman Viaene

Description David Walser 2017-06-22 00:17:49 CEST
Ubuntu has issued an advisory today (June 21):
https://www.ubuntu.com/usn/usn-3337-1/

Mageia 5 is also affected.
Comment 1 David Walser 2017-06-24 18:42:24 CEST
Note that CVE-2016-2226 is already fixed in the version in Cauldron.
Comment 2 David Walser 2017-06-24 18:48:34 CEST
The Ubuntu patch for 3.12.0 only references CVE-2016-4491, but apparently it fixes all of the remaining issues.  I've checked it into SVN and requested a freeze push.
Comment 3 David Walser 2017-06-24 23:53:29 CEST
valgrind-3.12.0-5.mga6 uploaded for Cauldron, presumably fixing this.
Comment 4 David Walser 2017-07-08 21:56:30 CEST
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated valgrind packages fix security vulnerabilities:

It was discovered that Valgrind incorrectly handled certain string operations.
If a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could possibly execute arbitrary code
(CVE-2016-2226).

It was discovered that Valgrind incorrectly handled parsing certain binaries.
If a user or automated system were tricked into processing a specially crafted
binary, a remote attacker could use this issue to cause Valgrind to crash,
resulting in a denial of service (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489,
CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
https://www.ubuntu.com/usn/usn-3337-1/
========================

Updated packages in core/updates_testing:
========================
valgrind-3.10.1-2.1.mga5
valgrind-devel-3.10.1-2.1.mga5
valgrind-openmpi-3.10.1-2.1.mga5

from valgrind-3.10.1-2.1.mga5.src.rpm
Comment 5 Herman Viaene 2017-07-18 15:09:50 CEST
MGA5-32 on Asus A6000VM Xfce
No installation issues
Found test in http://valgrind.org/docs/manual/quick-start.html (test file will be uploaded), compiled it and ran
at CLI:
$ valgrind --leak-check=yes /home/tester5/Documenten/valgrindtest 
==7637== Memcheck, a memory error detector
==7637== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7637== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==7637== Command: /home/tester5/Documenten/valgrindtest
==7637== 
==7637== Invalid write of size 4
==7637==    at 0x8048437: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637==  Address 0x4222050 is 0 bytes after a block of size 40 alloc'd
==7637==    at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637==    by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637== 
==7637== 
==7637== HEAP SUMMARY:
==7637==     in use at exit: 40 bytes in 1 blocks
==7637==   total heap usage: 1 allocs, 0 frees, 40 bytes allocated
==7637== 
==7637== 40 bytes in 1 blocks are definitely lost in loss record 1 of 1
==7637==    at 0x402951B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7637==    by 0x804842A: f (in /home/tester5/Documenten/valgrindtest)
==7637==    by 0x8048454: main (in /home/tester5/Documenten/valgrindtest)
==7637== 
==7637== LEAK SUMMARY:
==7637==    definitely lost: 40 bytes in 1 blocks
==7637==    indirectly lost: 0 bytes in 0 blocks
==7637==      possibly lost: 0 bytes in 0 blocks
==7637==    still reachable: 0 bytes in 0 blocks
==7637==         suppressed: 0 bytes in 0 blocks
==7637== 
==7637== For counts of detected and suppressed errors, rerun with: -v
==7637== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Comment 6 Herman Viaene 2017-07-18 15:10:59 CEST
Created attachment 9504
file to compile and run valgrind to the executable
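A reconstruction of the test program behind comment 5's log, added here as an example and not the 251-byte attachment itself (which is not shown on this page): it is modelled on the valgrind quick-start program the comment cites, with a corrected version alongside so the updated package can be checked to report the two errors for the buggy path and none for the fixed one. Function names are my own; the build and check commands assume gcc and the valgrind package under test.

```c
/* Added example, not the attachment from this bug report. Modelled on the
 * valgrind quick-start program to reproduce the two Memcheck findings in
 * comment 5's log (one "Invalid write of size 4" and 40 bytes "definitely
 * lost"), next to a corrected version that Memcheck reports clean.
 * Build:  gcc -g -O0 -o valgrindtest valgrindtest.c
 * Check:  valgrind --leak-check=yes --error-exitcode=1 ./valgrindtest */
#include <stdio.h>
#include <stdlib.h>

/* Buggy: allocates n ints but writes one past the end (heap overrun) and
 * never frees the block (leak). Mirrors the quick-start's f(); n is a
 * parameter only so the compiler cannot optimise the bug away at build time. */
void f_overrun_and_leak(size_t n)
{
    int *x = malloc(n * sizeof(int));
    if (x == NULL)
        return;
    x[n] = 0;   /* Memcheck: Invalid write of size 4, 0 bytes after the block */
}               /* Memcheck: n*sizeof(int) bytes definitely lost (never freed) */

/* Fixed: same allocation, only valid indices 0..n-1 written, block freed.
 * Returns the sum of the buffer contents (0+1+...+n-1) so the result can be
 * checked without valgrind; -1 signals a bad size or a failed allocation. */
long f_fixed(size_t n)
{
    if (n == 0)
        return -1;
    int *x = malloc(n * sizeof(int));
    if (x == NULL)
        return -1;
    long sum = 0;
    for (size_t i = 0; i < n; i++) {
        x[i] = (int)i;
        sum += x[i];
    }
    free(x);    /* nothing left for LEAK SUMMARY to report */
    return sum;
}

int main(void)
{
    f_overrun_and_leak(10);   /* reproduces the 2 errors in comment 5's log */
    printf("fixed sum = %ld\n", f_fixed(10));
    return 0;
}
```

With the buggy call commented out, the same valgrind command should end with "ERROR SUMMARY: 0 errors from 0 contexts" and exit 0, which is the quick regression check for an updated package.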
