| Summary: | libmspack new security issues CVE-2017-6419 and CVE-2017-11423 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | mageia, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA5TOO MGA5-64-OK MGA6-64-OK | ||
| Source RPM: | libmspack-0.5-0.2.alpha.mga6.src.rpm | CVE: | CVE-2017-6419 CVE-2017-11423 |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 21555 | ||
|
Description
David Walser
2017-08-17 22:51:38 CEST
David Walser
2017-08-17 22:51:47 CEST
Whiteboard:
(none) =>
MGA6TOO, MGA5TOO

pushed in updates_testing

src.rpm:
libmspack-0.5-0.1.alpha.1.mga5
libmspack-0.5-0.2.alpha.1.mga6

CVE:
(none) =>
CVE-2017-6419 CVE-2017-11423
Nicolas Lécureuil
2017-08-18 00:08:48 CEST
Whiteboard:
MGA6TOO, MGA5TOO =>
MGA5TOO

Advisory:
========================

Updated libmspack packages fix security vulnerabilities:

It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2017-6419).

It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service (CVE-2017-11423).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11423
https://usn.ubuntu.com/usn/usn-3394-1/
========================

Updated packages in core/updates_testing:
========================
libmspack0-0.5-0.1.alpha.1.mga5
libmspack-devel-0.5-0.1.alpha.1.mga5
libmspack0-0.5-0.2.alpha.1.mga6
libmspack-devel-0.5-0.2.alpha.1.mga6

from SRPMS:
libmspack-0.5-0.1.alpha.1.mga5.src.rpm
libmspack-0.5-0.2.alpha.1.mga6.src.rpm

Blocks:
(none) =>
21555

mga5 x86_64

CAB files are not readily available so use lcab to create one.
Could not find anything which would help to test the CVEs.

Installed lcab and cabextract and created a small cabinet file.

$ lcab -r work work.cab
lcab v1.0b11 (2003) by Rien (rien@geekshop.be)
nopath : no
recursive : yes
quiet : no
inputfiles : work/report work/sample
outputfile : work.cab
cabfile : 3130 bytes (approx. 3.06 Kbytes)
cfileInit: work\report localtime:
cfileInit: work\sample localtime:
tmp,header,folder,.. done
$ ls -l work.cab
-rw-r--r-- 1 lcl lcl 1673 Aug 18 10:05 work.cab
$ mkdir ditto

Integrity check:
$ cabextract -t work.cab
Testing cabinet: work.cab
work/report OK 2b4378746648cb6fbef23d2bf1a73ef5
work/sample OK 6a7d342aae4f9cebb5b94e9a9576e85d

Extract contents to named directory:
$ cabextract -d ditto work.cab
Extracting cabinet: work.cab
extracting ditto/work/report
extracting ditto/work/sample

All done, no errors.
$ tree ditto
ditto
└── work
    ├── report
    └── sample

Check to show that the library is being accessed:
$ strace cabextract work.cab 2> trace
$ cat trace | grep mspack
open("/lib64/libmspack.so.0", O_RDONLY|O_CLOEXEC) = 3

Installed the updates and ran similar tests on a larger set of files, leaving out the strace. There were no problems.

CC:
(none) =>
tarazed25
Len Lawrence
2017-08-18 11:37:02 CEST
Whiteboard:
MGA5TOO =>
MGA5TOO MGA5-64-OK

mga6 x86_64

Repeated the tests outlined in comment 3 using more files. Collected my whole bookshelf into a 766 MB file which passed the integrity check and expanded into a folder on another partition.
Before updates: OK
afterwards: OK
Len Lawrence
2017-08-18 11:59:15 CEST
Whiteboard:
MGA5TOO MGA5-64-OK =>
MGA5TOO MGA5-64-OK MGA6-64-OK

Validating, advisory uploaded.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0283.html

Status:
NEW =>
RESOLVED |
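
The integrity check used in the QA test above (`cabextract -t` printing one MD5 per cabinet member) can be compared against the source files automatically when re-running the round trip before and after an update. This is an added example, not part of the original bug report or of cabextract/libmspack; the function names and sample files are constructed, and it assumes result lines have the `name OK md5` layout shown in the test output.

```python
import hashlib
import re
import subprocess

# Result line layout assumed from the test output above: "<member>  OK  <md5>".
RESULT = re.compile(r"^\s*(?P<name>.+?)\s+(?P<status>\S+)\s+(?P<md5>[0-9a-f]{32})\s*$")

def parse_test_output(text):
    """Map member name -> (status, md5) for each result line of `cabextract -t`."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line)
        if m:  # header lines such as "Testing cabinet: ..." carry no MD5 and are skipped
            results[m["name"]] = (m["status"], m["md5"])
    return results

def compare(results, sources):
    """Return a list of problems; `sources` maps member name -> original file bytes."""
    problems = []
    for name, data in sorted(sources.items()):
        if name not in results:
            problems.append(f"{name}: missing from cabinet")
            continue
        status, md5 = results[name]
        if status != "OK":
            problems.append(f"{name}: status {status}")
        elif md5 != hashlib.md5(data).hexdigest():
            problems.append(f"{name}: checksum differs from source")
    for name in sorted(set(results) - set(sources)):
        problems.append(f"{name}: unexpected member")
    return problems

def run_cabextract_test(cab_path):
    """Run the same integrity check as in the comment and parse what it prints."""
    proc = subprocess.run(["cabextract", "-t", cab_path], capture_output=True, text=True)
    return parse_test_output(proc.stdout)

# Constructed sample: two small files and the output a clean run would print for them.
SOURCES = {"work/report": b"quarterly report\n", "work/sample": b"sample data\n"}
SAMPLE_OUTPUT = "Testing cabinet: work.cab\n" + "".join(
    f"  {n}  OK  {hashlib.md5(d).hexdigest()}\n" for n, d in SOURCES.items())

if __name__ == "__main__":
    print(compare(parse_test_output(SAMPLE_OUTPUT), SOURCES) or "all members match")
```

A member that fails to decode produces no matching result line under this assumption, so it is reported as missing rather than silently passing.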