Bug 23136 - glibc new security issue CVE-2017-18269 and CVE-2018-11236
Summary: glibc new security issue CVE-2017-18269 and CVE-2018-11236
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 22711
Reported: 2018-06-07 22:20 CEST by David Walser
Modified: 2018-06-25 00:03 CEST (History)
CC List: 7 users

See Also:
Source RPM: glibc-2.22-28.mga6.src.rpm
CVE:
Status comment:


Attachments

Comment 1 Thomas Backlund 2018-06-07 22:32:34 CEST
Already fixed in Cauldron.

Does not affect mga6 as the avx512 functions landed in 2.23 and we are at 2.22

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 2 David Walser 2018-06-08 22:03:33 CEST
Thanks.  What about CVE-2017-18269 and CVE-2018-11236?
http://lists.suse.com/pipermail/sle-security-updates/2018-June/004156.html
Comment 3 Thomas Backlund 2018-06-08 22:21:50 CEST
(In reply to David Walser from comment #2)
> Thanks.  What about CVE-2017-18269 and CVE-2018-11236?
> http://lists.suse.com/pipermail/sle-security-updates/2018-June/004156.html

Both fixed in Cauldron, but still valid for Mga6, so reopening...

Resolution: INVALID => (none)
Status: RESOLVED => REOPENED

Marja Van Waes 2018-06-08 22:40:44 CEST

CC: (none) => marja11
Summary: glibc new security issue CVE-2018-11237 => glibc new security issue CVE-2017-18269 and CVE-2018-11236

Comment 4 David Walser 2018-06-08 22:47:20 CEST
openSUSE has issued an advisory for this today (June 8):
https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html
Comment 5 Thomas Backlund 2018-06-17 23:56:16 CEST
CVE-2017-18269 and CVE-2018-11236 fixed in:

SRPMS:
glibc-2.22-29.mga6.src.rpm


i586:
glibc-2.22-29.mga6.i586.rpm
glibc-devel-2.22-29.mga6.i586.rpm
glibc-doc-2.22-29.mga6.noarch.rpm
glibc-i18ndata-2.22-29.mga6.i586.rpm
glibc-profile-2.22-29.mga6.i586.rpm
glibc-static-devel-2.22-29.mga6.i586.rpm
glibc-utils-2.22-29.mga6.i586.rpm
nscd-2.22-29.mga6.i586.rpm


x86_64:
glibc-2.22-29.mga6.x86_64.rpm
glibc-devel-2.22-29.mga6.x86_64.rpm
glibc-doc-2.22-29.mga6.noarch.rpm
glibc-i18ndata-2.22-29.mga6.x86_64.rpm
glibc-profile-2.22-29.mga6.x86_64.rpm
glibc-static-devel-2.22-29.mga6.x86_64.rpm
glibc-utils-2.22-29.mga6.x86_64.rpm
nscd-2.22-29.mga6.x86_64.rpm

Assignee: tmb => qa-bugs

Comment 6 Len Lawrence 2018-06-18 10:37:05 CEST
Mageia 6, x86_64

The upstream links seem to indicate that one of the vulnerabilities affects 32-bit systems only.  No definite PoCs for the other two issues but there is a test program for one of them which upstream testers found rarely demonstrated the fault.

Updated all the packages and rebooted.

Compiled the memorex.c program from the man page for memusage.
$ ./memorex
malloc: 400
realloc: 440
[....]
realloc: 240
realloc: 440

I do not remember where this snippet came from but compiled it anyway.
--------------------------------
// test-posix-memalign.c
// gcc -o test-posix-memalign test-posix-memalign.c
#include <stdlib.h>
#include <stdint.h>

int main(void)
{
    void *p;
    /* A request of almost SIZE_MAX bytes cannot be satisfied; posix_memalign
     * must reject it with ENOMEM instead of overflowing its size arithmetic.
     * The error code is returned as the process exit status. */
    return posix_memalign(&p, 0x10, SIZE_MAX - 0x20);
}
--------------------------------
$ mtrace ./test-posix-memalign
No memory leaks.

Tried a local build.
Celestia sources already installed in a local directory.
$ cd celestia
$ ls
BUILD/  BUILDROOT/  RPMS/  SOURCES/  SPECS/  SRPMS/
$ bm -l
Successful rebuild of celestia packages with a lot of references to glibc.
$ ll RPMS/x86_64
total 37924
-rw-r--r-- 1 lcl lcl 34121386 Jun 18 08:59 celestia-1.6.1-18.mga6.x86_64.rpm
-rw-r--r-- 1 lcl lcl  4707726 Jun 18 08:59 celestia-debuginfo-1.6.1-18.mga6.x86_64.rpm

Name Service Caching Demon:
$ sudo nscd -g
produced an extensive summary of the nscd configuration and several cache tables.

It all looks fine.  This is one of those packages which should definitely be tested on 32-bit architectures particularly as one of the vulnerabilities manifests itself in operations which cross the 32-bit word-size boundary, such as block moves greater in size than a 31-bit number.  More tests for 64-bits would be good also.

CC: (none) => tarazed25

Comment 7 Thomas Andrews 2018-06-18 20:47:40 CEST
On real hardware, HP 6550b, 8GB, Intel graphics, Intel wifi. 64-bit Plasma system, using the desktop kernel.

No specific tests done here. Installed the presented updates, then rebooted. Used it for a short time, with no regressions noted. Then I updated to the 4.14.50-1 desktop kernel, and rebooted once more. After more use, again, no regressions noted. Using it to make this report.

CC: (none) => andrewsfarm

Comment 8 James Kerr 2018-06-19 10:26:46 CEST
on mga6-32  4.14.44-server  xfce

updates installed:
- glibc-2.22-29.mga6.i586
- glibc-devel-2.22-29.mga6.i586

no regressions noted

seems to be OK for mga6-32 on this system:

Machine:   Device: desktop Mobo: ECS model: GeForce7050M-M v: 1.0
CPU:       Quad core AMD Phenom 9500 (-MCP-) 
Graphics:  Card: NVIDIA GK208B [GeForce GT 710]
           Display Server: Mageia X.org 119.5 drivers: nvidia,v4l
           GLX Renderer: GeForce GT 710/PCIe/SSE2/3DNOW!
           GLX Version: 4.6.0 NVIDIA 390.59

CC: (none) => jim

Comment 9 PC LX 2018-06-19 20:55:33 CEST
Installed and tested without issues.

Tested through two boot cycles and many applications used. No regressions noticed.

System: Mageia 6, x86_64, Plasma DE, LXQt DE, Intel CPU, nVidia GPU using nvidia340 proprietary driver.

$ uname -a
Linux marte 4.14.44-desktop-2.mga6 #1 SMP Mon May 28 22:35:45 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep glibc | sort
glibc-2.22-29.mga6
glibc-devel-2.22-29.mga6

CC: (none) => mageia

Comment 10 James Kerr 2018-06-20 11:06:12 CEST
on mga6-64  4.14.44-desktop  plasma

packages installed cleanly:
- glibc-2.22-29.mga6.x86_64
- glibc-devel-2.22-29.mga6.x86_64
- nscd-2.22-29.mga6.x86_64

no regressions noted

looks OK for mga6-64 on this system:
Machine:   Device: desktop System: Dell product: Precision Tower 3620
CPU:       Quad core Intel Core i7-6700 (-HT-MCP-)
Graphics:  Card: Intel HD Graphics 530
Comment 11 Thomas Andrews 2018-06-20 14:52:41 CEST
On real hardware, Athlon X2, 8GB, nvidia340 graphics, Atheros wifi, 64-bit Plasma install using the server kernel.

Installed glibc and glibc-devel first, then went back and installed kernel-server 4.14.50-2, because it frequently happens that users will update in one session like this.

All packages installed cleanly. Upon rebooting, tried several apps, no regressions noted.
Comment 12 James Kerr 2018-06-20 15:52:37 CEST
Also OK in mga6-64 and mga6-32 vbox clients
Comment 13 James Kerr 2018-06-20 19:05:59 CEST
on mga6-64  kernel-desktop  xfce

packages installed cleanly:
- glibc-2.22-29.mga6.x86_64
- glibc-devel-2.22-29.mga6.x86_64

no regressions noted

OK for mga6-64 on this system:

Machine:   Device: desktop Mobo: ECS model: GeForce7050M-M 
CPU:       Quad core AMD Phenom 9500 (-MCP-)
Graphics:  Card: NVIDIA GK208B [GeForce GT 710]
Comment 14 José Jorge 2018-06-22 14:13:49 CEST
Mga6-32 on Pentium M740. Lots of testing done in both archs, whiteboarding.

Whiteboard: (none) => MGA6-64-OK MGA6-32-OK
CC: (none) => lists.jjorge

David Walser 2018-06-24 18:00:32 CEST

Blocks: (none) => 22711

Comment 15 claire robinson 2018-06-24 21:28:01 CEST
Copious OKs. Validating. Needs advisory Thomas.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 16 David Walser 2018-06-24 21:51:21 CEST
Advisory:
========================

Updated glibc packages fix security vulnerabilities:

An SSE2-optimized memmove implementation for i386 in
sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka
glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping
memory check if the source memory range spans the middle of the address space,
resulting in corrupt data being produced by the copy operation. This may
disclose information to context-dependent attackers, or result in a denial of
service, or, possibly, code execution (CVE-2017-18269).

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and
earlier, when processing very long pathname arguments to the realpath function,
could encounter an integer overflow on 32-bit architectures, leading to a
stack-based buffer overflow and, potentially, arbitrary code execution
(CVE-2018-11236).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236
https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00010.html
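The two bug classes the advisory describes, as an added schematic example that is not part of this bug report or of glibc's own code: CVE-2017-18269 is an address comparison that goes wrong when source and destination straddle the 2 GiB mark of a 32-bit address space, and CVE-2018-11236 is a bounds check whose pointer-plus-length addition wraps on 32-bit when the length is close to 2 GiB. The example does not reproduce glibc's actual assembly or C; it models each class with uint32_t standing in for i386 pointers, a constructed 256-byte window of "memory" centred on 0x80000000, and made-up addresses and lengths, so it runs unchanged on any host.

```c
/* Added schematic illustration (not glibc's code): the two 32-bit
 * comparison pitfalls described in the advisory above, with uint32_t
 * standing in for i386 pointers so it runs on any host.
 *
 * Part 1 (CVE-2017-18269 class): memmove picks its copy direction by
 * comparing addresses. A signed comparison inverts the order when src
 * and dst straddle 0x80000000, so an overlapping copy that needs to run
 * backwards runs forwards and overwrites source bytes before reading them.
 *
 * Part 2 (CVE-2018-11236 class): a bounds check of the form
 * "dest + len < limit" wraps on 32-bit when len is close to 2 GiB and
 * accepts a copy that runs past the buffer; "len < limit - dest" cannot
 * wrap because dest never exceeds limit.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 256-byte window of simulated address space centred on the
 * 2 GiB mark; every address used below falls inside it. */
#define WIN_BASE 0x7FFFFF80u
#define WIN_SIZE 256u

static uint8_t *cell(uint8_t *win, uint32_t addr)
{
    return win + (addr - WIN_BASE);
}

/* Buggy direction test: signed comparison of 32-bit addresses.
 * (Casting a value above INT32_MAX to int32_t wraps negative on every
 * two's-complement target, which is the i386 behaviour being modelled.) */
bool backward_signed(uint32_t dst, uint32_t src, uint32_t n)
{
    return (int32_t)dst > (int32_t)src && (int32_t)(dst - src) < (int32_t)n;
}

/* Correct direction test: unsigned comparison. A backward copy is needed
 * exactly when dst lies inside (src, src + n). */
bool backward_unsigned(uint32_t dst, uint32_t src, uint32_t n)
{
    return dst > src && dst - src < n;
}

/* memmove over the simulated window using the supplied direction test. */
static void sim_memmove(uint8_t *win, uint32_t dst, uint32_t src, uint32_t n,
                        bool (*backward)(uint32_t, uint32_t, uint32_t))
{
    uint8_t *d = cell(win, dst), *s = cell(win, src);
    if (backward(dst, src, n))
        for (uint32_t i = n; i-- > 0;) d[i] = s[i];
    else
        for (uint32_t i = 0; i < n; i++) d[i] = s[i];
}

/* Fill the window with a known pattern, move n bytes from src to dst with
 * the given direction test, and report whether dst now holds exactly the
 * bytes src held beforehand (what a correct memmove guarantees). */
bool memmove_result_correct(uint32_t dst, uint32_t src, uint32_t n,
                            bool (*backward)(uint32_t, uint32_t, uint32_t))
{
    uint8_t win[WIN_SIZE], expect[WIN_SIZE];
    for (uint32_t i = 0; i < WIN_SIZE; i++) win[i] = (uint8_t)i;
    memcpy(expect, cell(win, src), n);
    sim_memmove(win, dst, src, n, backward);
    return memcmp(cell(win, dst), expect, n) == 0;
}

/* Buggy bounds check: the address sum can wrap past 2^32. */
bool fits_before_limit_buggy(uint32_t dest, uint32_t len, uint32_t limit)
{
    return dest + len < limit;
}

/* Fixed bounds check: compare the remaining room, which cannot wrap. */
bool fits_before_limit_fixed(uint32_t dest, uint32_t len, uint32_t limit)
{
    return len < limit - dest;
}

int main(void)
{
    /* Overlapping 64-byte move whose source and destination straddle 2 GiB. */
    const uint32_t src = 0x7FFFFFF0u, dst = 0x80000010u, n = 0x40;
    printf("straddling memmove, signed direction test:   %s\n",
           memmove_result_correct(dst, src, n, backward_signed) ? "ok" : "CORRUPT");
    printf("straddling memmove, unsigned direction test: %s\n",
           memmove_result_correct(dst, src, n, backward_unsigned) ? "ok" : "CORRUPT");

    /* A 4 KiB buffer at a constructed i386 stack address, and a path
     * component just under 2 GiB long. */
    const uint32_t dest = 0xBFFFF000u, limit = dest + 0x1000, len = 0x7FFFFF00u;
    printf("huge component, wrapping check: %s\n",
           fits_before_limit_buggy(dest, len, limit) ? "fits (OVERFLOW)" : "rejected");
    printf("huge component, fixed check:    %s\n",
           fits_before_limit_fixed(dest, len, limit) ? "fits (OVERFLOW)" : "rejected");
    return 0;
}
```

Build with `gcc -std=c11 -Wall -o compare-pitfalls compare-pitfalls.c`. The straddling move is reported CORRUPT under the signed direction test and ok under the unsigned one, and the near-2 GiB component is accepted by the wrapping bounds check but rejected by the subtraction form; the same two moves and checks agree with each other whenever the addresses stay on one side of 0x80000000 and the length is small, which is why neither bug shows up in ordinary 64-bit testing.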
Comment 17 claire robinson 2018-06-24 22:17:30 CEST
Thanks David. Advisoried.

Keywords: (none) => advisory

Comment 18 Mageia Robot 2018-06-25 00:03:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0293.html

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED

