+++ This bug was initially created as a clone of Bug #6858 +++ OpenSuSE has issued an advisory today (July 23): http://lists.opensuse.org/opensuse-updates/2012-07/msg00038.html Mageia 1 and Mageia 2 are also affected. The reproducer is very easy: test -e /dev/fd/111111111111111111111111111111111111 The patch to fix it is bash42-033 upstream. We have all of the patches through 028, so you might want to add the intervening patches as well. More info here: https://bugzilla.novell.com/show_bug.cgi?id=770795
Whiteboard: (none) => MGA1TOO
Patched packages uploaded for Mageia 1 and Mageia 2. Advisory: ======================== Bash has been updated to patchlevel 37 to fix several minor issues. One of these is a buffer overflow vulnerability related to using the test command with invalid filenames in the /dev/fd directory (CVE-2012-3410). Mageia is not vulnerable to a buffer overflow with this issue because of the compiler options that were used to build it, but it can still cause a crash. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410 http://lists.opensuse.org/opensuse-updates/2012-07/msg00038.html ======================== Updated packages in core/updates_testing: ======================== bash-4.2-5.1.mga1 bash-doc-4.2-5.1.mga1 bash-4.2-5.1.mga2 bash-doc-4.2-5.1.mga2 from SRPMS: bash-4.2-5.1.mga1.src.rpm bash-4.2-5.1.mga2.src.rpm
Priority: Normal => LowAssignee: bugsquad => qa-bugsSeverity: normal => minor
Note to QA: When I built this locally and installed it, when I first tried it the reproducer still worked. I built it in a VM and rebooted it before trying it and the reproducer didn't work. So, if you install the update and the reproducer still works, try rebooting :o)
Testing on Mageia 2 64-bits. After installing bash-4.2-5.1.mga2, I closed the terminal. I opened a new one and I tried: test -e /dev/fd/111111111111111111111111111111111111 The crash had disappeared So, ok for me.
CC: (none) => olivier.delaune
(In reply to comment #3) > Testing on Mageia 2 64-bits. After installing bash-4.2-5.1.mga2, I closed the > terminal. I opened a new one and I tried: > test -e /dev/fd/111111111111111111111111111111111111 > The crash had disappeared > So, ok for me. Thanks, I've set the whiteboard comment based on your test.
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK
Testing complete on Mageia 1 i586. Before updating ... $ test -e /dev/fd/111111111111111111111111111111111111 *** buffer overflow detected ***: /bin/bash terminated After the update, $ test -e /dev/fd/111111111111111111111111111111111111 $ echo $? 1 I'll test Mageia 2 i586 shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 2 i586.
Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK MGA1-32-OK MGA2-32-OK
Tested on Mga 1 64-bit. Before: crash message After: same as in comment 5 Presumably that's OK,so I've added it to the whiteboard. Carolyn
CC: (none) => isoldeWhiteboard: MGA1TOO mga2-64-OK MGA1-32-OK MGA2-32-OK => MGA1TOO mga2-64-OK MGA1-32-OK MGA2-32-OK MGA1-64-OK
That's great Carolyn, thankyou. This can be validated now, do you want to do it or shall I?
Update validated on Mga1 and Mga2 both archs. See comment 1 for advisory and SRPMs. Could sysadmin please push from core/updates_testing to core/updates. Thank you. Carolyn
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0184
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED