Bug 6859 - bash new security issue CVE-2012-3410 [mga1 & 2]
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: All Linux
Priority: Low
Severity: minor
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/507815/
Whiteboard: MGA1TOO mga2-64-OK MGA1-32-OK MGA2-32...
Keywords: validated_update
: 6858
Reported: 2012-07-23 23:32 CEST by Olivier Blin
Modified: 2012-07-29 22:38 CEST (History)
Source RPM: bash-4.2-5.mga1.src.rpm

Description Olivier Blin 2012-07-23 23:32:22 CEST
+++ This bug was initially created as a clone of Bug #6858 +++

OpenSuSE has issued an advisory today (July 23):
http://lists.opensuse.org/opensuse-updates/2012-07/msg00038.html

Mageia 1 and Mageia 2 are also affected.

The reproducer is very easy:
test -e /dev/fd/111111111111111111111111111111111111

The patch to fix it is bash42-033 upstream.

We have all of the patches through 028, so you might want to add the intervening patches as well.

More info here:
https://bugzilla.novell.com/show_bug.cgi?id=770795
Comment 1 David Walser 2012-07-25 15:27:12 CEST
Patched packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Bash has been updated to patchlevel 37 to fix several minor issues.  One
of these is a buffer overflow vulnerability related to using the test
command with invalid filenames in the /dev/fd directory (CVE-2012-3410).
Mageia is not vulnerable to a buffer overflow with this issue because of
the compiler options that were used to build it, but it can still cause a
crash.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
http://lists.opensuse.org/opensuse-updates/2012-07/msg00038.html
========================

Updated packages in core/updates_testing:
========================
bash-4.2-5.1.mga1
bash-doc-4.2-5.1.mga1
bash-4.2-5.1.mga2
bash-doc-4.2-5.1.mga2

from SRPMS:
bash-4.2-5.1.mga1.src.rpm
bash-4.2-5.1.mga2.src.rpm
Comment 2 David Walser 2012-07-25 15:29:32 CEST
Note to QA: When I built this locally and installed it, when I first tried it the reproducer still worked.  I built it in a VM and rebooted it before trying it and the reproducer didn't work.  So, if you install the update and the reproducer still works, try rebooting :o)
Comment 3 Olivier Delaune 2012-07-25 17:52:17 CEST
Testing on Mageia 2 64-bits. After installing bash-4.2-5.1.mga2, I closed the terminal. I opened a new one and I tried:
test -e /dev/fd/111111111111111111111111111111111111
The crash had disappeared
So, ok for me.
Comment 4 David Walser 2012-07-25 17:58:59 CEST
(In reply to comment #3)
> Testing on Mageia 2 64-bits. After installing bash-4.2-5.1.mga2, I closed the
> terminal. I opened a new one and I tried:
> test -e /dev/fd/111111111111111111111111111111111111
> The crash had disappeared
> So, ok for me.

Thanks, I've set the whiteboard comment based on your test.
Comment 5 Dave Hodgins 2012-07-25 20:50:10 CEST
Testing complete on Mageia 1 i586.

Before updating ...
$ test -e /dev/fd/111111111111111111111111111111111111
*** buffer overflow detected ***: /bin/bash terminated

After the update,
$ test -e /dev/fd/111111111111111111111111111111111111
$ echo $?
1

I'll test Mageia 2 i586 shortly.
Comment 6 Dave Hodgins 2012-07-25 21:42:02 CEST
Testing complete on Mageia 2 i586.
Comment 7 Carolyn Rowse 2012-07-27 19:02:37 CEST
Tested on Mga 1 64-bit.

Before: crash message
After: same as in comment 5

Presumably that's OK, so I've added it to the whiteboard.

Carolyn
Comment 8 claire robinson 2012-07-27 19:23:43 CEST
That's great Carolyn, thank you.

This can be validated now, do you want to do it or shall I?
Comment 9 Carolyn Rowse 2012-07-27 20:28:57 CEST
Update validated on Mga1 and Mga2 both archs.

See comment 1 for advisory and SRPMs.

Could sysadmin please push from core/updates_testing to core/updates.

Thank you.

Carolyn
Comment 10 Thomas Backlund 2012-07-29 22:38:33 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0184
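
Added example, not part of the original bug report or of the Mageia tooling: a small regression check that runs the reproducer from the description in a freshly started shell binary and classifies the result the way the testers did in comments 3, 5 and 7 (crash before the update, exit status 1 after it). The function names classify_status and check_bash are hypothetical; a fresh child process is used because a shell that was started before the update keeps running the old binary.

```shell
#!/bin/sh
# Added example: regression check for the CVE-2012-3410 reproducer in this bug.
# REPRO is the exact path used in the report; function names are hypothetical.
REPRO=/dev/fd/111111111111111111111111111111111111

# Map the exit status of the child shell to a verdict.
classify_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        # Above 128 the child was killed by a signal: 134 is SIGABRT (what the
        # "*** buffer overflow detected ***" abort produces), 139 is SIGSEGV.
        echo "CRASH"
    elif [ "$status" -eq 1 ]; then
        # The file does not exist, so a fixed "test -e" simply reports false.
        echo "OK"
    else
        # 0, 127 (shell binary not found) or anything else needs a manual look.
        echo "UNEXPECTED"
    fi
}

# Run the reproducer in a newly exec'd copy of the given shell binary,
# never in the current shell, and print the verdict.
check_bash() {
    shell_bin=${1:-/bin/bash}
    status=0
    "$shell_bin" -c "test -e $REPRO" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# When called with shell paths as arguments, report on each of them.
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(check_bash "$bin")"
done
```

Run it as `sh check.sh /bin/bash` after installing the update; CRASH means the binary on disk is still the unpatched one.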
