Fedora has issued an advisory on May 27: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5BBWUKF5U44F6HF2DUOJ3YDSML67Q4TT/
Already fixed in Cauldron. Does not affect mga6 as the avx512 functions landed in 2.23 and we are at 2.22
Status: NEW => RESOLVEDResolution: (none) => INVALID
Thanks. What about CVE-2017-18269 and CVE-2018-11236? http://lists.suse.com/pipermail/sle-security-updates/2018-June/004156.html
(In reply to David Walser from comment #2) > Thanks. What about CVE-2017-18269 and CVE-2018-11236? > http://lists.suse.com/pipermail/sle-security-updates/2018-June/004156.html Both fixed in Cauldron, but still valid for Mga6, so reopening...
Resolution: INVALID => (none)Status: RESOLVED => REOPENED
CC: (none) => marja11Summary: glibc new security issue CVE-2018-11237 => glibc new security issue CVE-2017-18269 and CVE-2018-11236
openSUSE has issued an advisory for this today (June 8): https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html
CVE-2017-18269 and CVE-2018-11236 fixed in: SRPMS: glibc-2.22-29.mga6.src.rpm i586: glibc-2.22-29.mga6.i586.rpm glibc-devel-2.22-29.mga6.i586.rpm glibc-doc-2.22-29.mga6.noarch.rpm glibc-i18ndata-2.22-29.mga6.i586.rpm glibc-profile-2.22-29.mga6.i586.rpm glibc-static-devel-2.22-29.mga6.i586.rpm glibc-utils-2.22-29.mga6.i586.rpm nscd-2.22-29.mga6.i586.rpm x86_64: glibc-2.22-29.mga6.x86_64.rpm glibc-devel-2.22-29.mga6.x86_64.rpm glibc-doc-2.22-29.mga6.noarch.rpm glibc-i18ndata-2.22-29.mga6.x86_64.rpm glibc-profile-2.22-29.mga6.x86_64.rpm glibc-static-devel-2.22-29.mga6.x86_64.rpm glibc-utils-2.22-29.mga6.x86_64.rpm nscd-2.22-29.mga6.x86_64.rpm
Assignee: tmb => qa-bugs
Mageia 6, x86_64 The upstream links seem to indicate that one of the vulnerabilities affects 32-bit systems only. No definite PoCs for the other two issues but there is a test program for one of them which upstream testers found rarely demonstrated the fault. Updated all the packages and rebooted. Compiled the memorex.c program from the man page for memusage. $ ./memorex malloc: 400 realloc: 440 [....] realloc: 240 realloc: 440 I do not remember where this snippet came from but compiled it anyway. -------------------------------- // test-posix-memalign.c // gcc -o test-posix-memalign test-posix-memalign.c #include <stdlib.h> #include <stdint.h> int main( int argc, char **argv ) { void *p; return posix_memalign( &p, 0x10, SIZE_MAX - 0x20 ); } -------------------------------- $ mtrace ./test-posix-memalign No memory leaks. Tried a local build. Celestia sources already installed in a local directory. $ cd celestia $ ls BUILD/ BUILDROOT/ RPMS/ SOURCES/ SPECS/ SRPMS/ $ bm -l Successful rebuild of celestia packages with a lot of references to glibc. $ ll RPMS/x86_64 total 37924 -rw-r--r-- 1 lcl lcl 34121386 Jun 18 08:59 celestia-1.6.1-18.mga6.x86_64.rpm -rw-r--r-- 1 lcl lcl 4707726 Jun 18 08:59 celestia-debuginfo-1.6.1-18.mga6.x86_64.rpm Name Service Caching Demon: $ sudo nscd -g produced an extensive summary of the nscd configuration and several cache tables. It all looks fine. This is one of those packages which should definitely be tested on 32-bit architectures particularly as one of the vulnerabilities manifests itself in operations which cross the 32-bit word-size boundary, such as block moves greater in size than a 31-bit number. More tests for 64-bits would be good also.
CC: (none) => tarazed25
On real hardware, HP 6550b, 8GB, Intel graphics, Intel wifi. 64-bit Plasma system, using the desktop kernel. No specific tests done here. Installed the presented updates, then rebooted. Used it for a short time, with no regressions noted. Then I updated to the 4.14.50-1 desktop kernel, and rebooted once more. After more use, again, no regressions noted. Using it to make this report.
CC: (none) => andrewsfarm
on mga6-32 4.14.44-server xfce updates installed: - glibc-2.22-29.mga6.i586 - glibc-devel-2.22-29.mga6.i586 no regressions noted seems to be OK for mga6-32 on this system: Machine: Device: desktop Mobo: ECS model: GeForce7050M-M v: 1.0 CPU: Quad core AMD Phenom 9500 (-MCP-) Graphics: Card: NVIDIA GK208B [GeForce GT 710] Display Server: Mageia X.org 119.5 drivers: nvidia,v4l GLX Renderer: GeForce GT 710/PCIe/SSE2/3DNOW! GLX Version: 4.6.0 NVIDIA 390.59
CC: (none) => jim
Installed and tested without issues. Tested through two boot cycles and many applications used. No regressions noticed. System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver. $ uname -a Linux marte 4.14.44-desktop-2.mga6 #1 SMP Mon May 28 22:35:45 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep glibc | sort glibc-2.22-29.mga6 glibc-devel-2.22-29.mga6
CC: (none) => mageia
on mga6-64 4.14.44-desktop plasma packages installed cleanly: - glibc-2.22-29.mga6.x86_64 - glibc-devel-2.22-29.mga6.x86_64 - nscd-2.22-29.mga6.x86_64 no regressions noted looks OK for mga6-64 on this system: Machine: Device: desktop System: Dell product: Precision Tower 3620 CPU: Quad core Intel Core i7-6700 (-HT-MCP-) Graphics: Card: Intel HD Graphics 530
On real hardware, Athlon X2, 8GB, nvidia340 graphics, Atheros wifi, 64-bit Plasma install using the server kernel. Installed glibc and glibc-devel first, then went back and installed kernel-server 4.14.50-2, because it frequently happens that users will update in one session like this. All packages installed cleanly. Upon rebooting, tried several apps, no regressions noted.
Also OK in mga6-64 and mga6-32 vbox clients
on mga6-64 kernel-desktop xfce packages installed cleanly: - glibc-2.22-29.mga6.x86_64 - glibc-devel-2.22-29.mga6.x86_64 no regressions noted OK for mga6-64 on this system: Machine: Device: desktop Mobo: ECS model: GeForce7050M-M CPU: Quad core AMD Phenom 9500 (-MCP-) Graphics: Card: NVIDIA GK208B [GeForce GT 710]
Mga6-32 on Pentium M740. Lots of testing done in both archs, whiteboarding.
Whiteboard: (none) => MGA6-64-OK MGA6-32-OKCC: (none) => lists.jjorge
Blocks: (none) => 22711
Copious OKs. Validating. Needs advisory Thomas.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory: ======================== Updated glibc packages fix security vulnerabilities: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution (CVE-2017-18269). stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution (CVE-2018-11236). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236 https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html
Thanks David. Advisoried.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0293.html
Resolution: (none) => FIXEDStatus: REOPENED => RESOLVED