FEDORA-2018-7c2e0a998d created by ahs3 3 years ago for Fedora 27

Security fix for CVE-2017-13693, CVE-2017-13694, CVE-2017-13695.

This provides fixes for the user space ACPICA tools only. Any kernel updates are handled separately.

This update also includes the upgrade to the 20190209 version of the upstream source.

09 February 2018. Summary of changes for version 20180209:

1) ACPICA kernel-resident subsystem:

Completed the final integration of the recent changes to Package Object handling and the module-level AML code support. This allows forward references from individual package elements when the package object is declared from within module-level code blocks. Provides compatibility with other ACPI implementations.

The new architecture for the AML module-level code has been completed and is now the default for the ACPICA code. This new architecture executes the module-level code in-line as the ACPI table is loaded/parsed instead of the previous architecture which deferred this code until after the table was fully loaded. This solves some ASL code ordering issues and provides compatibility with other ACPI implementations. At this time, there is an option to fallback to the earlier architecture, but this support is deprecated and is planned to be completely removed later this year.

Added a compile-time option to ignore AE_NOT_FOUND exceptions during resolution of named reference elements within Package objects. Although this is potentially a serious problem, it can generate a lot of noise/errors on platforms whose firmware carries around a bunch of unused Package objects. To disable these errors, define ACPI_IGNORE_PACKAGE_RESOLUTION_ERRORS in the OS-specific header. All errors are always reported for ACPICA applications such as AcpiExec.

Fixed a regression related to the explicit type-conversion AML operators (ToXXXX). The regression was introduced early in 2017 but was not seen until recently because these operators are not fully supported by other ACPI implementations and are thus rarely used by firmware developers. The operators are defined by the ACPI specification to not implement the "implicit result object conversion". The regression incorrectly introduced this object conversion for the following explicit conversion operators:

  • ToInteger
  • ToString
  • ToBuffer
  • ToDecimalString
  • ToHexString
  • ToBCD
  • FromBCD

2) iASL Compiler/Disassembler and Tools:

iASL: Fixed a problem with the compiler constant folding feature as related to the ToXXXX explicit conversion operators. These operators do not support the "implicit result object conversion" by definition. Thus, ASL expressions that use these operators cannot be folded to a simple Store operator because Store implements the implicit conversion. This change uses the CopyObject operator for the ToXXXX operator folding instead. CopyObject is defined to not implement implicit result conversions and is thus appropriate for folding the ToXXXX operators.
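The difference between the three store paths named in the ToXXXX regression fix and in this iASL folding change, as an added ASL example (not code from ACPICA or from this update). The table IDs, object names and method names are hypothetical, and the comments describe the behavior these release notes specify for a fixed ACPICA:

```asl
// Added illustration; EXAMPL/TOXFOLD, STR1..STR3 and the method names are
// hypothetical and chosen only for this example.
DefinitionBlock ("", "SSDT", 2, "EXAMPL", "TOXFOLD", 0x00000001)
{
    // Three named objects that all start out as Strings
    Name (STR1, "one")
    Name (STR2, "two")
    Name (STR3, "three")

    // ObjectType codes defined by the ACPI specification:
    //   1 = Integer, 2 = String

    // Explicit conversion operator with a target operand. No implicit
    // result object conversion is applied, so STR1 is replaced by the
    // Integer result instead of receiving a String form of it.
    // Both operands are constants, so this is a candidate for folding.
    Method (EXPL, 0, NotSerialized)
    {
        ToInteger ("0x10", STR1)
        Return (ObjectType (STR1))
    }

    // What a fold to Store would do: Store applies the implicit result
    // conversion, so the Integer is converted to the target's existing
    // type and STR2 remains a String. The meaning of the code changes.
    Method (STOR, 0, NotSerialized)
    {
        Store (0x10, STR2)
        Return (ObjectType (STR2))
    }

    // What the fold uses after this change: CopyObject performs no
    // implicit conversion, so STR3 becomes an Integer, matching EXPL.
    Method (COPY, 0, NotSerialized)
    {
        CopyObject (0x10, STR3)
        Return (ObjectType (STR3))
    }
}
```

Compiled with iASL and loaded into AcpiExec, the three methods can be evaluated to compare the resulting object types.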

iASL: Changed the severity of an error condition to a simple warning for the case where a symbol is declared both locally and as an external symbol. This accommodates existing ASL code.

AcpiExec: The -ep option to enable the new architecture for module-level code has been removed. It is replaced by the -dp option which instead has the opposite effect: it disables the new architecture (the default) and enables the legacy architecture. When the legacy code is removed in the future, the -dp option will be removed also.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-7c2e0a998d

This update has been submitted for testing by ahs3.

3 years ago

This update has been pushed to testing.

3 years ago
mhayden commented & provided feedback 3 years ago

Works for me.

Hallo @ahs3, I am confused as to why this update is tagged as 'security'. The lines

"Security fix for CVE-2017-13693, CVE-2017-13694, CVE-2017-13695."

(all Kernel) and

"This provides fixes for the user space ACPICA tools only. Any kernel updates are handled separately."

do not seem to match. Does this mean that when using ACPICA Tools without the update, I am vulnerable to the CVEs you mention? The kernel seems to be fixed since FEDORA-2017-a3a8638a60, FEDORA-2017-6764d16965.


Howdy @lewassec.

Sorry for the confusion; the source code used for ACPICA is common to both acpica-tools and the kernel (see drivers/acpi/acpica). It is the same upstream, but very different packaging. You are correct that the kernel has been repaired in the notices listed; if you are using that kernel, you are not vulnerable. This version of acpica-tools just makes sure that the user space tools are consistent with what the kernel is doing functionally; since these tools do not run in kernel space, they cannot expose the same information that was the original concern in the CVEs. Unfortunately, I just re-used the recommended text in the bug report for #1485355 and it is indeed ambiguous.

Is that clearer?

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for batched by ahs3.

3 years ago

This update has been submitted for stable by ahs3.

3 years ago

This update has been pushed to stable.

3 years ago

BZ#1485355 CVE-2017-13693 CVE-2017-13694 CVE-2017-13695 acpica-tools: various flaws [fedora-all]
