Fedora has issued an advisory on March 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GWIW33ZLQWFLVRBTPEOEXQZSADQTHSY/ The issues are fixed upstream in 20180209. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => shlomif
Source RPM: apcica-tools-20171110-1.mga7.src.rpm => acpica-tools-20171110-1.mga7.src.rpm
acpica-tools-20180313-1.mga7 uploaded for Cauldron by Shlomi.
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Updated package uploaded for Mageia 6 by Shlomi.

Advisory:
========================

Updated acpica-tools package fixes security vulnerabilities:

acpi operand cache leak in dsutils.c (CVE-2017-13693).

acpi parse and parseext cache leaks (CVE-2017-13694).

acpi operand cache leak in nseval.c (CVE-2017-13695).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13694
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13695
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2GWIW33ZLQWFLVRBTPEOEXQZSADQTHSY/
========================

Updated packages in core/updates_testing:
========================
acpica-tools-20180313-1.mga6

from acpica-tools-20180313-1.mga6.src.rpm
Assignee: shlomif => qa-bugs
Severity: normal => major
CC: (none) => shlomif
Mageia6, x86_64

The CVE links do not lead to anything we can use for testing but reference documents are available from https://www.acpica.org/. The main reference is a PDF comprising 313 pages; not something to be taken lightly and in any case the ACPI stuff is very low level.

The package updated cleanly.

# urpmq -i acpica-tools
Name : acpica-tools
Version : 20160930
Release : 1.mga6
Group : Development/Kernel
Size : 2914623
Architecture: x86_64
Source RPM : acpica-tools-20160930-1.mga6.src.rpm
URL : http://www.acpica.org
Summary : ACPICA tools for the development and debug of ACPI tables
Description :
IASL compiles ASL (ACPI Source Language) into AML (ACPI Machine Language). This AML is suitable for inclusion as a DSDT in system firmware. It also can disassemble AML, for debugging purposes.

This summary of the tools comes from Fedora:
-- iasl: compiles ASL (ACPI Source Language) into AML (ACPI Machine Language), suitable for inclusion as a DSDT in system firmware. It also can disassemble AML, for debugging purposes.
-- acpibin: performs basic operations on binary AML files (e.g., comparison, data extraction)
-- acpidump: write out the current contents of ACPI tables
-- acpiexec: simulate AML execution in order to debug method definitions
-- acpihelp: display help messages describing ASL keywords and op-codes
-- acpinames: display complete ACPI name space from input AML
-- acpisrc: manipulate the ACPICA source tree and format source files for specific environments
-- acpixtract: extract binary ACPI tables from acpidump output (see also the pmtools package)

$ locate acpi | grep bin
demonstrated that the tools were all in place after the update.

$ locate acpica | grep share
/usr/share/doc/acpica-tools
/usr/share/doc/acpica-tools/changes.txt
/usr/share/doc/kernel-doc/acpi/linuxized-acpica.txt

The man pages need to be accessed directly rather than via 'man 8 acpi*'. e.g.
$ man /usr/src/kernel-4.14.25-1.mga6/tools/power/acpi/man/acpidump.8

Tried two of the commands which were likely to be harmless:

$ sudo acpidump | less
SSDT @ 0x0000000000000000
0000: 53 53 44 54 AC 05 00 00 02 A1 49 6E 74 65 6C 5F SSDT......Intel_
0010: 49 73 63 74 54 61 62 6C 00 10 00 00 49 4E 54 4C IsctTabl....INTL
0020: 11 07 12 20 10 47 58 5C 5F 53 42 5F 5B 82 4E 57 ... .GX\_SB_[.NW
0030: 49 41 4F 45 5B 80 49 53 43 54 00 0C 98 1E 67 DE IAOE[.ISCT....g.
0040: 0B 0D 00 5B 81 29 49 53 43 54 10 57 4B 52 53 08 ...[.)ISCT.WKRS.
and lots more like that.

$ acpihelp -i
Intel ACPI Component Architecture
ACPI Help Utility version 20180313
Copyright (c) 2000 - 2018 Intel Corporation

ACPI and PNP Device/Hardware IDs:
10EC5640 Realtek I2S Audio Codec
80860F09 Intel PWM Controller
80860F0A Intel Atom UART Controller
etc, etc.

There is not much else we can do with this. It looks OK on the face of it.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0192.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED