Bug 22856 - acpica-tools new security issues CVE-2017-1369[3-5]
Summary: acpica-tools new security issues CVE-2017-1369[3-5]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2018-03-31 22:48 CEST by David Walser
Modified: 2018-04-03 20:49 CEST (History)
4 users (show)

See Also:
Source RPM: acpica-tools-20171110-1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-03-31 22:48:27 CEST 
Fedora has issued an advisory on March 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GWIW33ZLQWFLVRBTPEOEXQZSADQTHSY/

The issues are fixed upstream in 20180209.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-03-31 22:48:38 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-03-31 22:56:15 CEST 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => shlomif

Shlomi Fish 2018-04-01 10:28:28 CEST

Source RPM: apcica-tools-20171110-1.mga7.src.rpm => acpica-tools-20171110-1.mga7.src.rpm

Comment 2 David Walser 2018-04-01 17:04:33 CEST 
acpica-tools-20180313-1.mga7 uploaded for Cauldron by Shlomi.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 3 David Walser 2018-04-01 19:05:14 CEST 
Updated package uploaded for Mageia 6 by Shlomi.

Advisory:
========================

Updated acpica-tools package fixes security vulnerabilities:

acpi operand cache leak in dsutils.c (CVE-2017-13693).

acpi parse and parseext cache leaks (CVE-2017-13694).

acpi operand cache leak in nseval.c (CVE-2017-13695).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13695
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GWIW33ZLQWFLVRBTPEOEXQZSADQTHSY/
========================

Updated packages in core/updates_testing:
========================
acpica-tools-20180313-1.mga6

from acpica-tools-20180313-1.mga6.src.rpm

Assignee: shlomif => qa-bugs
Severity: normal => major
CC: (none) => shlomif

Comment 4 Len Lawrence 2018-04-02 19:12:24 CEST 
Mageia6, x86_64

The CVE links do not lead to anything we can use for testing but reference documents are available from https://www.acpica.org/.  The main reference is a PDF comprising 313 pages; not something to be taken lightly and in any case the ACPI stuff is very low level.

The package updated cleanly.

# urpmq -i acpica-tools
Name        : acpica-tools                                                     
Version     : 20160930
Release     : 1.mga6
Group       : Development/Kernel
Size        : 2914623                      Architecture: x86_64
Source RPM  : acpica-tools-20160930-1.mga6.src.rpm
URL         : http://www.acpica.org
Summary     : ACPICA tools for the development and debug of ACPI tables
Description :
IASL compiles ASL (ACPI Source Language) into AML (ACPI Machine
Language). This AML is suitable for inclusion as a DSDT in system
firmware. It also can disassemble AML, for debugging purposes.

This summary of the tools comes from Fedora:
-- iasl: compiles ASL (ACPI Source Language) into AML (ACPI Machine Language), suitable for inclusion as a DSDT in system firmware. It also can disassemble AML, for debugging purposes.
-- acpibin: performs basic operations on binary AML files (e.g., comparison, data extraction)
-- acpidump: write out the current contents of ACPI tables
-- acpiexec: simulate AML execution in order to debug method definitions
-- acpihelp: display help messages describing ASL keywords and op-codes
-- acpinames: display complete ACPI name space from input AML
-- acpisrc: manipulate the ACPICA source tree and format source files for specific environments
-- acpixtract: extract binary ACPI tables from acpidump output (see also the pmtools package)

$ locate acpi | grep bin
demonstrated that the tools were all in place after the update.
$ locate acpica | grep share
/usr/share/doc/acpica-tools
/usr/share/doc/acpica-tools/changes.txt
/usr/share/doc/kernel-doc/acpi/linuxized-acpica.txt

The man pages need to be accessed directly rather than via 'man 8 acpi*'.
e.g. $ man /usr/src/kernel-4.14.25-1.mga6/tools/power/acpi/man/acpidump.8

Tried two of the commands which were likely to be harmless:
$ sudo acpidump | less
SSDT @ 0x0000000000000000
  0000: 53 53 44 54 AC 05 00 00 02 A1 49 6E 74 65 6C 5F  SSDT......Intel_
  0010: 49 73 63 74 54 61 62 6C 00 10 00 00 49 4E 54 4C  IsctTabl....INTL
  0020: 11 07 12 20 10 47 58 5C 5F 53 42 5F 5B 82 4E 57  ... .GX\_SB_[.NW
  0030: 49 41 4F 45 5B 80 49 53 43 54 00 0C 98 1E 67 DE  IAOE[.ISCT....g.
  0040: 0B 0D 00 5B 81 29 49 53 43 54 10 57 4B 52 53 08  ...[.)ISCT.WKRS.
and lots more like that.

$ acpihelp -i

Intel ACPI Component Architecture
ACPI Help Utility version 20180313
Copyright (c) 2000 - 2018 Intel Corporation

ACPI and PNP Device/Hardware IDs:

10EC5640   Realtek I2S Audio Codec
80860F09   Intel PWM Controller
80860F0A   Intel Atom UART Controller
etc, etc.

There is not much else we can do with this.  It looks OK on the face of it.

CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK

Lewis Smith 2018-04-03 11:41:43 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2018-04-03 20:49:14 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0192.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.