Fedora has issued an advisory on November 28:
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094628.html
Mageia 2 may also be affected.
Whiteboard: (none) => MGA2TOO
Status: NEW => ASSIGNED
squashfs-tools-4.2-5.mga3 submitted to cauldron.
squashfs-tools-4.2-3.mga2 submitted to mga2 core/updates_testing.
Advisory:
This update to squashfs-tools resolves the following security issues:
- remote arbitrary code execution via crafted list file (CVE-2012-4024)
- integer overflow in queue_init() may lead to arbitrary code execution (CVE-2012-4025)
RPM:
squashfs-tools-4.2-3.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4025
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094628.html
https://bugs.mageia.org/show_bug.cgi?id=8448
CC: (none) => tmb
Version: Cauldron => 2
Assignee: tmb => qa-bugs
Whiteboard: MGA2TOO => (none)
Patches from mga2 package synced into Mageia 1 SVN.
Digging through the bickering on the SF thread there is a PoC for CVE-2012-4024
http://sourceforge.net/mailarchive/message.php?msg_id=29559731
I can't reproduce the segfault though
$ mksquashfs test2 dir.test2
$ file dir.test2
dir.test2: Squashfs filesystem, little endian, version 4.0, 48560 bytes, 6 inodes, blocksize: 131072 bytes, created: Fri Jan 4 16:29:20 2013
$ unsquashfs dir.test2 -ef /$(perl -e 'print "A" x 2000')/
Parallel unsquashfs: Using 4 processors
0 inodes (0 blocks) to write
created 0 files
created 1 directories
created 0 symlinks
created 0 devices
created 0 fifos
CVE-2012-4025 seems more difficult to reproduce, needing a 'specially crafted' squashed filesystem.
Just testing the new squashfs-tools can squash and unsquash OK to validate.
Testing complete mga2 64
$ ls test3/
media_info/  perl-Config-IniFiles-2.750.0-1.mga2.noarch.rpm
$ mksquashfs test3 dir.test3
Parallel mksquashfs: Using 4 processors
Creating 4.0 filesystem on dir.test3, block size 131072.
[==================================================|] 4/4 100%
Exportable Squashfs 4.0 filesystem, xz compressed, data block size 131072
    compressed data, compressed metadata, compressed fragments, compressed xattrs
    duplicates are removed
Filesystem size 47.42 Kbytes (0.05 Mbytes)
    94.78% of uncompressed filesystem size (50.03 Kbytes)
Inode table size 138 bytes (0.13 Kbytes)
    71.13% of uncompressed inode table size (194 bytes)
Directory table size 156 bytes (0.15 Kbytes)
    100.00% of uncompressed directory table size (156 bytes)
Number of duplicate files found 0
Number of inodes 6
Number of files 4
Number of fragments 1
Number of symbolic links 0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 2
Number of ids (unique uids + gids) 1
Number of uids 1
    claire (500)
Number of gids 1
    claire (500)
$ file dir.test3
dir.test3: Squashfs filesystem, little endian, version 4.0, 48560 bytes, 6 inodes, blocksize: 131072 bytes, created: Fri Jan 4 16:54:04 2013
$ unsquashfs dir.test3
Parallel unsquashfs: Using 4 processors
4 inodes (4 blocks) to write
[=====================================================|] 4/4 100%
created 4 files
created 2 directories
created 0 symlinks
created 0 devices
created 0 fifos
$ ls squashfs-root/
media_info/  perl-Config-IniFiles-2.750.0-1.mga2.noarch.rpm
Hardware: i586 => All
Whiteboard: (none) => has_procedure mga2-64-OK
Testing complete mga2 32
Validating
Advisory & SRPM in comment 1
Could sysadmin please push from core/updates_testing to core/updates
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED