Bug 23825 - coreutils new security issue CVE-2018-17942
Summary: coreutils new security issue CVE-2018-17942
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 22495
  Show dependency treegraph
 
Reported: 2018-11-08 19:25 CET by David Walser
Modified: 2019-01-08 22:51 CET (History)
5 users (show)

See Also:
Source RPM: coreutils-8.30-2.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-11-08 19:25:51 CET 
Fedora has issued an advisory on October 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/

Mageia 6 is also affected.
David Walser 2018-11-08 19:26:04 CET

Whiteboard: (none) => MGA6TOO

Comment 1 Marja Van Waes 2018-11-08 23:07:35 CET 
Assigning to the Base System maintainers, CC'ing the registered maintainer.

Assignee: bugsquad => basesystem
CC: (none) => marja11, tmb

Comment 2 David Walser 2019-01-01 01:50:08 CET 
coreutils-8.30-3.mga7 uploaded for Cauldron to fix this.

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

David Walser 2019-01-01 04:28:05 CET

Blocks: (none) => 22495

Comment 3 David Walser 2019-01-01 20:41:49 CET 
Advisory:
========================

Updated coreutils packages fix security vulnerabilities:

A flaw was found in GNU Coreutils through 8.29 in chown-core.c. The functions
chown and chgrp do not prevent replacement of a plain file with a symlink
during use of the POSIX "-R -L" options, which allows local users to modify the
ownership of arbitrary files by leveraging a race condition (CVE-2017-18018).

A flaw was found in Gnulib before 2018-09-23. The convert_to_decimal function
in vasnprintf.c has a heap-based buffer overflow because memory is not
allocated for a trailing '\0' character during %f processing (CVE-2018-17942).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17942
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JK2ISMPYUEU3JS3L7AVXEHWCI56INCJJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZP6L5HXDOVKYTM5ELLYE64H75MT4LZR/
https://bugs.mageia.org/show_bug.cgi?id=22495
https://bugs.mageia.org/show_bug.cgi?id=23825
========================

Updated packages in core/updates_testing:
========================
coreutils-8.25-3.1.mga6
coreutils-doc-8.25-3.1.mga6

from coreutils-8.25-3.1.mga6.src.rpm

Assignee: basesystem => qa-bugs

Comment 4 Herman Viaene 2019-01-07 15:46:58 CET 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
Tested commands basename, cat, date, df, id, hostid, uname,users,whoami, mkdir, rmdir
All seem OK

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Lewis Smith 2019-01-07 19:03:07 CET

Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 Mageia Robot 2019-01-08 22:51:40 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0022.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.