Bug 5139 - gnutls new security issue CVE-2012-1573
Summary: gnutls new security issue CVE-2012-1573
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-03-27 22:03 CEST by David Walser
Modified: 2012-04-11 21:46 CEST (History)
3 users (show)

See Also:
Source RPM: gnutls-2.10.5-2.1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-03-27 22:03:49 CEST 
Mandriva has issued this advisory today (March 27):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:040

Cauldron is not vulnerable (it has 3.0.17).
Comment 1 David Walser 2012-03-27 22:53:11 CEST 
Patched package uploaded.

Advisory:
========================

Updated gnutls packages fix security vulnerability:

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before
3.0.15 does not properly handle data encrypted with a block cipher,
which allows remote attackers to cause a denial of service (heap
memory corruption and application crash) via a crafted record, as
demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:040
========================

Updated packages in core/updates_testing:
========================
gnutls-2.10.5-2.2.mga1
libgnutls26-2.10.5-2.2.mga1
libgnutls-devel-2.10.5-2.2.mga1

from gnutls-2.10.5-2.2.mga1.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 Dave Hodgins 2012-03-28 05:52:45 CEST 
I'm trying to test with test case 2 from
http://wiki.mandriva.com/en/Testing:Gnutls but I'm getting ...
gnutls-cli -p 143 localhost -s
Resolving 'localhost'...
Connecting to '127.0.0.1:143'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready.
STARTTLS
STARTTLS BAD Error in IMAP command received by server.

Suggestions?

CC: (none) => davidwhodgins

Comment 3 David Walser 2012-03-29 02:35:47 CEST 
Because you didn't put the dot first.  Don't worry, I did the same thing at first.

[david@marin ~]$ gnutls-cli -p 143 localhost -s
Resolving 'localhost'...
Connecting to '127.0.0.1:143'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready.
STARTTLS
STARTTLS BAD Error in IMAP command received by server.
. STARTTLS
. OK Begin TLS negotiation now.
Comment 4 Dave Hodgins 2012-03-29 03:13:01 CEST 
Lol. Thanks. Works much better with it. :-)

Testing complete on i586 for the srpm
gnutls-2.10.5-2.2.mga1.src.rpm
Comment 5 Dave Hodgins 2012-04-06 05:14:10 CEST 
Ping.  We still need x86-64 bit testing for this security update.
Comment 6 Manuel Hiebel 2012-04-11 02:10:37 CEST 
Testing complete using my mail provider.


Suggested Advisory:
-------------
Updated gnutls packages fix security vulnerability:

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before
3.0.15 does not properly handle data encrypted with a block cipher,
which allows remote attackers to cause a denial of service (heap
memory corruption and application crash) via a crafted record, as
demonstrated by a crafted GenericBlockCipher structure (CVE-2012-1573).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:040

https://bugs.mageia.org/show_bug.cgi?id=5139
-------------

SRPM: gnutls-2.10.5-2.2.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thankyou!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2012-04-11 21:46:22 CEST 
Update pushed

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.