Bug 21302

Summary: catdoc new security issue CVE-2017-11110
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: marja11, sysadmin-bugs, tarazed25
Version: 6Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: advisory MGA5TOO has_procedure mga6-64-ok MGA5-64-OK
Source RPM: catdoc-0.95-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-07-20 12:19:23 CEST 
openSUSE has issued an advisory on July 19:
https://lists.opensuse.org/opensuse-updates/2017-07/msg00076.html

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-07-20 12:20:24 CEST

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-07-21 20:51:16 CEST 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => mageia

Comment 2 David Walser 2017-07-29 23:48:07 CEST 
Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron.

Advisory:
========================

Updated catdoc package fixes security vulnerability:

Attackers may have used specially crafted files to cause a denial of service
through a heap-based buffer under-flow and application crash, or have
unspecified other impact (CVE-2017-11110).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
https://lists.opensuse.org/opensuse-updates/2017-07/msg00076.html
========================

Updated packages in core/updates_testing:
========================
catdoc-0.95-1.1.mga5
catdoc-0.95-1.1.mga6

from SRPMS:
catdoc-0.95-1.1.mga5.src.rpm
catdoc-0.95-1.1.mga6.src.rpm

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
Assignee: mageia => qa-bugs

Comment 3 claire robinson 2017-07-30 14:28:50 CEST 
Testing complete mga6 64

$ catdoc <some .doc file>
..
Text of the doc file
..

Whiteboard: MGA5TOO => MGA5TOO has_procedure mga6-64-ok

Comment 4 Len Lawrence 2017-08-02 23:59:16 CEST 
Adding this for completeness.
x86_64  Mate
Found a POC for CVE-2017-11110.
Before the update it triggered a stack dump and aborted.

Afterwards:
$ catdoc heap_overflow
sectorSize < 4 not supported
Broken OLE file. Try using -b switch.
Using the -b switch produces a load of indecipherable text.

CC: (none) => tarazed25

Comment 5 Len Lawrence 2017-08-03 00:33:06 CEST 
mga5   x86_64
PoC file for CVE-2017-11110 downloaded from https://bugzilla.redhat.com/show_bug.cgi?id=1468471
Before update:
$ catdoc heap_overflow
*** Error in `catdoc': munmap_chunk(): invalid pointer: 0x0000000001118110 ***
<...backtrace...>
Aborted

After updating:
$ catdoc heap_overflow
sectorSize < 4 not supported
Broken OLE file. Try using -b switch

$ catdoc whatever.doc
Output clear text.
Len Lawrence 2017-08-03 00:33:45 CEST

Whiteboard: MGA5TOO has_procedure mga6-64-ok => MGA5TOO has_procedure mga6-64-ok MGA5-64-OK

Rémi Verschelde 2017-08-03 09:45:08 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Rémi Verschelde 2017-08-03 18:55:10 CEST

Whiteboard: MGA5TOO has_procedure mga6-64-ok MGA5-64-OK => advisory MGA5TOO has_procedure mga6-64-ok MGA5-64-OK

Comment 6 Mageia Robot 2017-08-03 21:06:41 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0240.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED