A security issue in augeas has been announced today (August 17): http://openwall.com/lists/oss-security/2017/08/17/3 A proposed patch upstream is linked from the message above. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Version: Cauldron => 6CC: (none) => mageiaWhiteboard: MGA6TOO, MGA5TOO => MGA5TOO
pushed in updates_testing src.rpm: augeas-1.8.0-1.1.mga6
pushed in mga5 too src.rpm: augeas-1.2.0-3.1.mga5
Assignee: bruno => qa-bugs
Advisory: ======================== Updated augeas packages fix security vulnerability: A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution (CVE-2017-7555). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7555 http://openwall.com/lists/oss-security/2017/08/17/3 ======================== Updated packages in core/updates_testing: ======================== augeas-1.2.0-3.1.mga5 libaugeas-devel-1.2.0-3.1.mga5 libaugeas0-1.2.0-3.1.mga5 libfa1-1.2.0-3.1.mga5 augeas-lenses-1.2.0-3.1.mga5 augeas-1.8.0-1.1.mga6 libaugeas-devel-1.8.0-1.1.mga6 libaugeas0-1.8.0-1.1.mga6 libfa1-1.8.0-1.1.mga6 augeas-lenses-1.8.0-1.1.mga6 from SRPMS: augeas-1.2.0-3.1.mga5.src.rpm augeas-1.8.0-1.1.mga6.src.rpm
MGA5-32 on Asus A6000VM Xfce No installation issues. Available commands augtool and augparse At CLI: $ augtool augtool> help Admin commands: help - print help load - (re)load files under /files and more... augtool> print /files/etc displays whole tree of /etc same with augtool> print /files/lib $ augparse --version augparse 1.2.0 <http://augeas.net/> Copyright (C) 2007-2011 David Lutterkort License LGPLv2+: GNU LGPL version 2.1 or later <http://www.gnu.org/licenses/lgpl-2.1.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by David Lutterkort OK for me.
CC: (none) => herman.viaeneWhiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
CC: (none) => lewyssmithWhiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK advisory
Following in Herman's footsteps, hoping to test this on mga6::x86_64. I set up a sandbox as instructed and edited the /etc/hosts file under root: $ export AUGEAS_ROOT=/tmp/augeas-sandbox $ mkdir $AUGEAS_ROOT $ sudo cp -pr /etc $AUGEAS_ROOT $ sudo chown -R $(id -nu):$(id -ng) $AUGEAS_ROOT $ augtool -b augtool> print /file/etc/resolv.conf augtool> set /files/etc/hosts/01/ipaddr 208.67.222.222 augtool> set /files/etc/hosts/01/canonical resolver1.opendns.com augtool> set /files/etc/hosts/01/alias[1] dns1 augtool> save Saved 1 file(s) augtool> ls /files/etc/hosts/01 ipaddr = 208.67.222.222 canonical = resolver1.opendns.com alias = dns1 augtool> Then: $ cd ${AUGEAS_ROOT} && diff -u ./etc/hosts ./etc/hosts.augsave --- ./etc/hosts 2017-08-20 20:54:46.383550252 +0100 +++ ./etc/hosts.augsave 2017-08-20 20:25:44.625550460 +0100 @@ -19,4 +19,3 @@ 192.168.1.10 rastaban 192.168.1.1 Arcturus 208.67.222.222 resolver1.opendns.com dns1 -208.67.222.222 resolver1.opendns.com dns1 So far so good I think. The file /tmp/augeas-sandbox/etc/hosts.augsave contains the added information. Replacing the target configuration file with this is done with the store command if I understand the documentation but that requires a specific "lens" to map the information in the sandbox file to the actual file. However, I could not find a way to do this, following the manual to the letter. Changed to user root $ augtool augtool> load augtool> store Host_Conf /files/etc/hosts/01 /etc/hosts error: No match for path expression Source node /files/etc/hosts/01 does not exist augtool> store Host_Conf /tmp/augeas-sandbox/etc/hosts/01 /etc/hosts error: No match for path expression Source node /tmp/augeas-sandbox/etc/hosts/01 does not exist augtool> print /files/etc/hosts /files/etc/hosts /files/etc/hosts/#comment = "generated by drakhosts" /files/etc/hosts/1 /files/etc/hosts/1/ipaddr = "127.0.0.1" /files/etc/hosts/1/canonical = "localhost" /files/etc/hosts/2 ......................... /files/etc/hosts/21 /files/etc/hosts/21/ipaddr = "208.67.222.222" /files/etc/hosts/21/canonical = "resolver1.opendns.com" /files/etc/hosts/21/alias = "dns1" augtool> store Host_Conf /files/etc/hosts /etc/hosts error: No match for path expression Source node /files/etc/hosts has a NULL value augtool> ls /files/etc postfix/ = (none) ......................... nsswitch.conf/ = (none) hosts/ = (none) X11/ = (none) ......................... augtool> store Host_Conf /files/etc/hosts/21 /etc/hosts error: No match for path expression Source node /files/etc/hosts/21 has a NULL value augtool> quit $ Having to give up on this one - been at it for hours. Almost no progress.
CC: (none) => tarazed25
It occurs to me that even if there is a good reason to use augtool for editing there is no point at all in using augtool for replacing the target file. Just make your own backup copy and $ sudo cp $AUGEAS_ROOT/etc/hosts.augsave /etc/hosts Anyway, I am done with it.
In VirtualBox, M5.1, KDE, 64-bit Package(s) under test: augeas augeas-lenses lib64augeas0 & lib64fa1 default install of augeas augeas-lenses lib64augeas0 lib64fa1 [root@localhost wilcal]# urpmi augeas Package augeas-1.2.0-3.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.2.0-3.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64augeas0 Package lib64augeas0-1.2.0-3.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64fa1 Package lib64fa1-1.2.0-3.mga5.x86_64 is already installed All packages installed without issue. install augeas augeas-lenses lib64augeas0 & lib64fa1 from updates_testing [root@localhost wilcal]# urpmi augeas Package augeas-1.2.0-3.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.2.0-3.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64augeas0 Package lib64augeas0-1.2.0-3.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64fa1 Package lib64fa1-1.2.0-3.1.mga5.x86_64 is already installed All packages installed without issue.
CC: (none) => wilcal.int
Whiteboard: MGA5TOO MGA5-32-OK advisory => MGA5TOO MGA5-32-OK MGA5-64-OK advisory
In VirtualBox, M6, MATE, 32-bit Package(s) under test: augeas augeas-lenses libaugeas0 & libfa1 default install of augeas augeas-lenses libaugeas0 libfa1 [root@localhost wilcal]# urpmi augeas Package augeas-1.8.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.8.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libaugeas0 Package libaugeas0-1.8.0-1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libfa1 Package libfa1-1.8.0-1.mga6.i586 is already installed All packages installed without issue. install augeas augeas-lenses libaugeas0 & libfa1 from updates_testing [root@localhost wilcal]# urpmi augeas Package augeas-1.8.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.8.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libaugeas0 Package libaugeas0-1.8.0-1.1.mga6.i586 is already installed [root@localhost wilcal]# urpmi libfa1 Package libfa1-1.8.0-1.1.mga6.i586 is already installed All packages installed without issue.
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK advisory => MGA5TOO MGA5-32-OK MGA5-64-OK MGA5-32-OK advisory
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA5-32-OK advisory => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK advisory
In VirtualBox, M6, MATE, 64-bit Package(s) under test: augeas augeas-lenses lib64augeas0 & lib64fa1 default install of augeas augeas-lenses lib64augeas0 lib64fa1 [root@localhost wilcal]# urpmi augeas Package augeas-1.8.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.8.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64augeas0 Package lib64augeas0-1.8.0-1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64fa1 Package lib64fa1-1.8.0-1.mga6.x86_64 is already installed All packages installed without issue. install augeas augeas-lenses lib64augeas0 & lib64fa1 from updates_testing [root@localhost wilcal]# urpmi augeas Package augeas-1.8.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi augeas-lenses Package augeas-lenses-1.8.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64augeas0 Package lib64augeas0-1.8.0-1.1.mga6.x86_64 is already installed [root@localhost wilcal]# urpmi lib64fa1 Package lib64fa1-1.8.0-1.1.mga6.x86_64 is already installed All packages installed without issue.
Whiteboard: MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK advisory => MGA5TOO MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OK advisory
This update works fine. Testing complete for MGA5 & MGA6, 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0306.html
Status: NEW => RESOLVEDResolution: (none) => FIXED