| Summary: | mxml new security issues CVE-2018-2000[45] and CVE-2018-2059[23] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, herman.viaene, marja11, mhrambo3501, sysadmin-bugs, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK | ||
| Source RPM: | mxml-2.12-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-03-28 21:19:08 CET
David Walser
2019-03-28 21:19:13 CET
Whiteboard:
(none) =>
MGA6TOO
David Walser
2019-03-28 21:23:03 CET
Status comment:
(none) =>
Fixed upstream in 3.0 Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing two committers. Assignee:
bugsquad =>
pkg-bugs Fixed both mga6 and cauldron! Advisory: ======================== Updated mxml packages fix security vulnerabilities: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml (CVE-2018-20004). An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc (CVE-2018-20005). In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc (CVE-2018-20592). In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c (CVE-2018-20593). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20004 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20592 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20593 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/ ======================== Updated packages in core/updates_testing: ======================== libmxml1-3.0-1.mga6 libmxml-devel-3.0-1.mga6 from mxml-3.0-1.mga6.src.rpm Version:
Cauldron =>
6 MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
# urpmq --whatrequires libmxml1
carla
carla-vst
dreamchess
libmxml-devel
libmxml1
ufoai
yoshimi
zynaddsubfx
Decided to try yoshimi, so
$ strace -o libmxml.txt yoshimi
Yoshimi 1.5.2 is starting
ConfigFile /home/tester6/.config/yoshimi/yoshimi.config not found, will use default settings
/usr/share/yoshimi/presets
/home/tester6/.config/yoshimi/presets
Cannot connect to server socket err = No such file or directory
and loads of these
but it opens and I can play on the virtual keyboard, and the trace shows
open("/lib/i686/libmxml.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/sse2/libmxml.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libmxml.so.1", O_RDONLY|O_CLOEXEC) = 3
The last one is provided by the libmxml1 package.
OK for me.CC:
(none) =>
herman.viaene Thanks, Herman. Validating. Advisory in Comment 3. Keywords:
(none) =>
validated_update
Thomas Backlund
2019-05-12 09:16:48 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0159.html Resolution:
(none) =>
FIXED |