RedHat has issued an advisory on June 20: https://rhn.redhat.com/errata/RHSA-2012-0810.html This was fixed upstream in 1.20.0. There is a link to the upstream bug report and commit to fix it here: https://bugzilla.redhat.com/show_bug.cgi?id=725364 Mageia 1 and Mageia 2 are also affected.
CC: (none) => shlomifWhiteboard: (none) => MGA2TOO, MGA1TOO
I have this all ready for Mageia 2 (built locally) and Mageia 1. It just will not build on Cauldron. Seems to be a problem with the kernel.
Assignee: bugsquad => tmb
Nope. its a uclibc issue
CC: (none) => tmbAssignee: tmb => shlomif
CC: (none) => thierry.vignaud
Thanks Thomas. Shlomi, could you help fix this?
(In reply to comment #3) > Thanks Thomas. > > Shlomi, could you help fix this? Well, there is a new uClibc package in svn+ssh://svn.mageia.org/svn/packages/cauldron/uClibc/current , and it installs fine, but I'm not sure if it is working properly. How can I test it? Regards, -- Shlomi Fish
Shlomi, upload it to Cauldron and then resubmit a build of busybox and see if it builds :o)
(In reply to comment #5) > Shlomi, upload it to Cauldron and then resubmit a build of busybox and see if > it builds :o) OK. Regards, -- Shlomi Fish
Notes to self for eventual advisory: Mageia 1 update also fixes CVE-2006-1168. Mageia 2 update also fixes build issues with kernel 3.3.
Fixed in Cauldron by rtp. Mageia 1 and Mageia 2 updates built by me. Assigning to QA. The advisory is slightly different for each, so it's separated. Advisory (Mageia 1): ======================== Updated busybox packages fix security vulnerabilities: A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox (CVE-2006-1168). The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages (CVE-2011-2716). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716 https://rhn.redhat.com/errata/RHSA-2012-0810.html ======================== Advisory (Mageia 2): ======================== Updated busybox packages fix security vulnerability: The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages (CVE-2011-2716). Additionally, build issues with Linux kernel 3.3 have been fixed. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716 https://rhn.redhat.com/errata/RHSA-2012-0810.html ======================== Updated packages in core/updates_testing: ======================== busybox-1.18.4-1.1.mga1 busybox-static-1.18.4-1.1.mga1 busybox-1.19.3-1.1.mga2 busybox-static-1.19.3-1.1.mga2 from SRPMS: busybox-1.18.4-1.1.mga1.src.rpm busybox-1.19.3-1.1.mga2.src.rpm
Version: Cauldron => 2Assignee: shlomif => qa-bugsWhiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Testing complete mga2 x86_64 Tested busybox and busybox-static using simple commands prefixed with either busybox or busybox.static eg. $ busybox ps $ busybox ls $ busybox cat <file> $ busybox sleep 5 $ busybox.static ps $ busybox.static ls $ busybox.static cat <file $ busybox.static sleep 5
Hardware: i586 => AllWhiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Testing complete mga1 x86_64
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK mga1-64-OK
Testing complete on Mageia 1 i586. I'll test Mageia 2 i586 shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 2 i586. Could someone from the sysadmin team push the srpm busybox-1.19.3-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm busybox-1.18.4-1.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated busybox packages fix security vulnerability: The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Note: udhcpc is not used on Red Hat Enterprise Linux by default, and no DHCP client script is provided with the busybox packages (CVE-2011-2716). Additionally, build issues with Linux kernel 3.3 have been fixed. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2716 https://rhn.redhat.com/errata/RHSA-2012-0810.html https://bugs.mageia.org/show_bug.cgi?id=6673
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO mga2-64-OK mga1-64-OK => MGA1TOO mga2-64-OK mga1-64-OK MGA1-32-OK MGA2-32-OK
Just to be clear, the advisories are slightly different for Mageia 1 and Mageia 2. You can find both in Comment 8.
Update pushed: Mageia 1: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0171 Mageia 2: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0172
Status: NEW => RESOLVEDResolution: (none) => FIXED