Bug 9952 - Update request: glibc-2.14.1-10.mga2
: Update request: glibc-2.14.1-10.mga2
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: All Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: Sec team
:
: has_procedure mga2-32-ok mga2-64-ok
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-05-02 22:59 CEST by Thomas Backlund
Modified: 2013-05-09 12:39 CEST (History)
2 users (show)

See Also:
Source RPM: glibc-2.14.1-10.mga2.src.rpm
CVE:


Attachments

Description Thomas Backlund 2013-05-02 22:59:14 CEST
Fixes:
- fix stack (frame) overflow in getaddrinfo() when processing entry mapping
  to long list of address structures (CVE-2013-1914)
- fix buffer overrun (DoS) in regexp matcher by processing multibyte
  characters (CVE-2013-0242)
- fix and re-enable P43: sha256-crypt and sha512-crypt support (#7793)


SRPMS:
glibc-2.14.1-10.mga2.src.rpm

i586:
glibc-2.14.1-10.mga2.i586.rpm
glibc-devel-2.14.1-10.mga2.i586.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.i586.rpm
glibc-profile-2.14.1-10.mga2.i586.rpm
glibc-static-devel-2.14.1-10.mga2.i586.rpm
glibc-utils-2.14.1-10.mga2.i586.rpm
nscd-2.14.1-10.mga2.i586.rpm

x86_64:
glibc-2.14.1-10.mga2.x86_64.rpm
glibc-devel-2.14.1-10.mga2.x86_64.rpm
glibc-doc-2.14.1-10.mga2.noarch.rpm
glibc-doc-pdf-2.14.1-10.mga2.noarch.rpm
glibc-i18ndata-2.14.1-10.mga2.x86_64.rpm
glibc-profile-2.14.1-10.mga2.x86_64.rpm
glibc-static-devel-2.14.1-10.mga2.x86_64.rpm
glibc-utils-2.14.1-10.mga2.x86_64.rpm
nscd-2.14.1-10.mga2.x86_64.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-05-03 16:17:16 CEST
Testing i586

Before
------
CVE-2013-1914
The PoC is IPv6 http://www.openwall.com/lists/oss-security/2013/04/03/2

This works IPv4:
# cp /etc/hosts /etc/hosts.bak
# for i in `seq 1 254`; do for n in `seq 1 254`; do echo "192.168.$i.$n a1" >>/etc/hosts; done; done
# ulimit -s 1024
# telnet a1
Segmentation fault
# cp /etc/hosts.bak /etc/hosts

CVE-2013-0242
PoC: http://sourceware.org/bugzilla/show_bug.cgi?id=15078#c0

$ echo ကျွန်ုပ်x | grep '[^x]x'
*** glibc detected *** grep: malloc(): memory corruption: 0x09aa27b8 ***
^C
$ echo ကျွန်ုပ် | sed 's/[^x]x//'
*** glibc detected *** sed: malloc(): memory corruption: 0x087d2388 ***
^C

Bug 7793 to add sha-256/512 support again
$ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")'
*0
$ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))'
*0
$ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")'
*0
$ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))'
*0

I'll test again after the reboot.
Comment 2 claire robinson 2013-05-03 17:03:20 CEST
Testing complete i586

After
-----
CVE-2013-1914
lots of 'No route to host' and segfault cured.

CVE-2013-0242
$ echo ကျွန်ုပ်x | grep '[^x]x'
ကျွန်ုပ်x
$ echo ကျွန်ုပ် | sed 's/[^x]x//'
ကျွန်ုပ်

Bug 7793
$ ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")'
$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD

$ python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))'
$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD

$ ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")'
$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0

$ python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))'
$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0
Comment 3 claire robinson 2013-05-07 15:02:14 CEST
Testing complete mga2 64

Validating

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 4 David Walser 2013-05-07 19:28:57 CEST
Mandriva has issued an advisory for this today (May 7):
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:163/
Comment 5 Thomas Backlund 2013-05-09 12:39:40 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0141

Note You need to log in before you can comment on or make changes to this bug.