Fixes: - fix stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures (CVE-2013-1914) - fix buffer overrun (DoS) in regexp matcher by processing multibyte characters (CVE-2013-0242) - fix and re-enable P43: sha256-crypt and sha512-crypt support (#7793) SRPMS: glibc-2.14.1-10.mga2.src.rpm i586: glibc-2.14.1-10.mga2.i586.rpm glibc-devel-2.14.1-10.mga2.i586.rpm glibc-doc-2.14.1-10.mga2.noarch.rpm glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm glibc-i18ndata-2.14.1-10.mga2.i586.rpm glibc-profile-2.14.1-10.mga2.i586.rpm glibc-static-devel-2.14.1-10.mga2.i586.rpm glibc-utils-2.14.1-10.mga2.i586.rpm nscd-2.14.1-10.mga2.i586.rpm x86_64: glibc-2.14.1-10.mga2.x86_64.rpm glibc-devel-2.14.1-10.mga2.x86_64.rpm glibc-doc-2.14.1-10.mga2.noarch.rpm glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm glibc-i18ndata-2.14.1-10.mga2.x86_64.rpm glibc-profile-2.14.1-10.mga2.x86_64.rpm glibc-static-devel-2.14.1-10.mga2.x86_64.rpm glibc-utils-2.14.1-10.mga2.x86_64.rpm nscd-2.14.1-10.mga2.x86_64.rpm Reproducible: Steps to Reproduce:
Testing i586 Before ------ CVE-2013-1914 The PoC is IPv6 http://www.openwall.com/lists/oss-security/2013/04/03/2 This works IPv4: # cp /etc/hosts /etc/hosts.bak # for i in `seq 1 254`; do for n in `seq 1 254`; do echo "192.168.$i.$n a1" >>/etc/hosts; done; done # ulimit -s 1024 # telnet a1 Segmentation fault # cp /etc/hosts.bak /etc/hosts CVE-2013-0242 PoC: http://sourceware.org/bugzilla/show_bug.cgi?id=15078#c0 $ echo áá»á½ááºá¯ááºx | grep '[^x]x' *** glibc detected *** grep: malloc(): memory corruption: 0x09aa27b8 *** ^C $ echo áá»á½ááºá¯áẠ| sed 's/[^x]x//' *** glibc detected *** sed: malloc(): memory corruption: 0x087d2388 *** ^C Bug 7793 to add sha-256/512 support again $ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")' *0 $ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))' *0 $ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")' *0 $ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))' *0 I'll test again after the reboot.
Testing complete i586 After ----- CVE-2013-1914 lots of 'No route to host' and segfault cured. CVE-2013-0242 $ echo áá»á½ááºá¯ááºx | grep '[^x]x' áá»á½ááºá¯ááºx $ echo áá»á½ááºá¯áẠ| sed 's/[^x]x//' áá»á½ááºá¯áẠBug 7793 $ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")' $5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD $ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))' $5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD $ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")' $6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0 $ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))' $6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0
Whiteboard: (none) => has_procedure mga2-32-ok
Testing complete mga2 64 Validating Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga2-32-ok => has_procedure mga2-32-ok mga2-64-okCC: (none) => sysadmin-bugs
Mandriva has issued an advisory for this today (May 7): http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:163/
CC: (none) => luigiwalser
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0141
Status: NEW => RESOLVEDResolution: (none) => FIXED