| Summary: | htmldoc new security issue CVE-2021-40985 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, hdetavernier, herman.viaene, mageia, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | htmldoc-1.9.8-1.2.mga8.src.rpm | CVE: | CVE-2021-40985 |
| Status comment: | |||
Description
David Walser 2021-12-23 17:41:13 CET

David Walser 2021-12-23 17:41:34 CET
Whiteboard: (none) => MGA8TOO

This SRPM has had various packagers, of whom NicolasS has done several recent CVEs, so assigning to you.
Assignee: bugsquad => nicolas.salguero

Nicolas patched it again:
htmldoc-nogui-1.9.8-1.3.mga8
htmldoc-1.9.8-1.3.mga8
from htmldoc-1.9.8-1.3.mga8.src.rpm

We really should at least update Cauldron to 1.9.12.
Status comment: Fixed upstream in 1.9.12 => (none)

Suggested advisory:
========================
The updated packages fix a security vulnerability:

Buffer overflow vulnerability in htmldoc before 1.9.12 allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. (CVE-2021-40985)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40985
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009935.html
========================
Updated packages in core/updates_testing:
========================
htmldoc-nogui-1.9.8-1.3.mga8
htmldoc-1.9.8-1.3.mga8
from SRPM:
htmldoc-1.9.8-1.3.mga8.src.rpm
Status: NEW => ASSIGNED

Nicolas Salguero 2021-12-24 14:33:51 CET
CVE: (none) => CVE-2021-40985

Nicolas Salguero 2021-12-24 14:34:11 CET
Source RPM: htmldoc-1.9.8-3.mga9.src.rpm => htmldoc-1.9.8-1.2.mga8.src.rpm

Mageia 8 X64 Gnome
Installed without any problem. I tried to generate a pdf file with the GUI HTMLDOC but I always got this error: Segmentation Error (core dumped). Maybe I don't use the right options. No problem with the cli: I generated a pdf and an epub file from a complex html page.
CC: (none) => hdetavernier

MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues. I can confirm the issue Hugues reported above with the GUI: I launched htmldoc from the CLI and I can define all settings in the different tabs of the interface, but as soon as I click "Generate" the program is aborted and the segmentation error is shown in the feedback in the CLI.
CC: (none) => herman.viaene

Hugues, Herman, did either of you try the htmldoc gui BEFORE installing the update?

Installed htmldoc and dependency:
The following 3 packages are going to be installed:
- htmldoc-1.9.8-1.2.mga8.x86_64
- htmldoc-nogui-1.9.8-1.2.mga8.x86_64
- lib64fltk1.3-1.3.5-2.mga8.x86_64

After installation, I tried converting a simple html file into a pdf, but when I hit the "Generate" button I get the same segmentation error you guys are reporting with the update. The last update was in late June/early July, bug 29101 and bug 29161. Nobody reported anything like that at that time. Am I doing something wrong? Could someone try a new install of the current version and confirm what I'm seeing?
CC: (none) => andrewsfarm

@TJ, referring to comment 6: Yes, before updating, htmldoc segfaults with the same test.
CC: (none) => tarazed25

Continuing from comment 7: The updated version behaves in the same way - segfault -> gui vanishes. Sending it back to Nicolas because of the segfault when the "Generate" button is pressed in the gui. Since this problem exists in the current version and the proposed update for Mageia 8, I believe Cauldron should be examined, too.
Assignee: qa-bugs => nicolas.salguero

Just tried the same test on htmldoc in Cauldron and it failed with a segfault on Generate. For the record:
1. Add a user HTML file
2. Select it
3. Open it
4. Check pdf
5. No compression
6. Generate

Back in mga8 repeated the test under strace.

```
$ tail htmldoc.trace
read(4, "d0 Macron\nf6d1 cyrBreve\nf6d2 cyr"..., 4096) = 2668
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/usr/share/htmldoc/data/iso-8859-1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=2292, ...}) = 0
read(4, "0x20 0x0020\n0x21 0x0021\n0x22 0x0"..., 4096) = 2292
read(4, "", 4096) = 0
close(4) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x78} ---
+++ killed by SIGSEGV (core dumped) +++
```
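The `tail htmldoc.trace` output above ends with strace's siginfo line and its "killed by" line, and those two lines are what a QA triager reads first: `SEGV_MAPERR` at `si_addr=0x78` means the process touched an unmapped address inside the first page, i.e. a NULL struct pointer plus a field offset, which points at a plain crash (denial of service) rather than a corrupted heap or stack pointer. The following Python script is an added example, not part of the bug report or of htmldoc: it parses an strace log, reports the last syscall before the fatal signal, and classifies a SIGSEGV from `si_code` and `si_addr`. The sample trace embedded in it is copied from the comment above; the one-page threshold and the classification labels are this example's own assumptions.

```python
import re

# Constructed sample: the tail of the strace log quoted in the bug report.
# strace's own column alignment is collapsed, as it is on the page.
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/usr/share/htmldoc/data/iso-8859-1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=2292, ...}) = 0
read(4, "0x20 0x0020\\n0x21 0x0021\\n0x22 0x0"..., 4096) = 2292
read(4, "", 4096) = 0
close(4) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x78} ---
+++ killed by SIGSEGV (core dumped) +++
"""

# strace prints signal delivery as "--- SIGNAME {siginfo fields} ---" and a
# fatal signal as "+++ killed by SIGNAME (core dumped) +++".
SIGINFO_RE = re.compile(r"^--- (?P<sig>SIG[A-Z0-9]+) \{(?P<fields>[^}]*)\} ---$")
KILLED_RE = re.compile(
    r"^\+\+\+ killed by (?P<sig>SIG[A-Z0-9]+)(?P<core> \(core dumped\))? \+\+\+$"
)

# Assumption of this example: a fault below one page is treated as a NULL
# pointer plus a field offset (Linux keeps page 0 unmapped by default).
NULL_PAGE_LIMIT = 0x1000


def classify_segv(si_code, si_addr):
    """Map the siginfo fields of a SIGSEGV to a coarse triage label."""
    if si_code == "SEGV_MAPERR" and si_addr < NULL_PAGE_LIMIT:
        return "null-page"      # NULL struct pointer; si_addr is the field offset
    if si_code == "SEGV_MAPERR":
        return "unmapped"       # wild or corrupted pointer: needs a closer look
    if si_code == "SEGV_ACCERR":
        return "protection"     # mapped page, wrong permissions (e.g. write to RO)
    return "unknown"


def parse_trace(text):
    """Return triage info for a trace that ends in a fatal signal, else None."""
    last_syscall = None
    siginfo = {}
    killed = None
    for line in text.splitlines():
        m = SIGINFO_RE.match(line)
        if m:
            # Keep the most recent siginfo: the fatal delivery is the last one.
            siginfo = {"signal": m.group("sig")}
            for kv in m.group("fields").split(", "):
                key, _, value = kv.partition("=")
                siginfo[key] = value
            continue
        m = KILLED_RE.match(line)
        if m:
            killed = m
            continue
        if line and not line.startswith(("---", "+++")):
            last_syscall = line
    if killed is None:
        return None
    result = {
        "signal": killed.group("sig"),
        "core_dumped": killed.group("core") is not None,
        "last_syscall": last_syscall,
        "si_code": siginfo.get("si_code"),
        "si_addr": None,
        "classification": "unknown",
    }
    if "si_addr" in siginfo:
        result["si_addr"] = int(siginfo["si_addr"], 16)
        result["classification"] = classify_segv(result["si_code"], result["si_addr"])
    return result


if __name__ == "__main__":
    import sys
    # Usage: python3 triage_trace.py htmldoc.trace   (no argument: use the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    info = parse_trace(text)
    if info is None:
        print("trace ended without a fatal signal")
    else:
        for key, value in info.items():
            print(f"{key}: {value}")
```

On the page's trace the script reports `close(4) = 0` as the last syscall and `null-page` as the classification; the close() itself is unrelated to the crash, it only shows that the fault happened in user-space code after the last data file was read, so the next step is a core dump under gdb rather than more strace.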
If the segfault exists even before the patch, maybe this should not block the update, but in parallel we should open a new bug report.
CC: (none) => mageia

(In reply to Nicolas Lécureuil from comment #11)
> if the segfault exists even before the patch maybe this should not block the
> update but in parallel we should open a new bugreport.

Giving this bug an OK then, and validating. Advisory in Comment 3.

I suppose the new bug report should probably be opened against Cauldron, with an MGA8TOO in the whiteboard. I would do that, but I don't presently have a Cauldron install, so I have not personally observed the problem there. Would one of you care to take care of it?
Whiteboard: (none) => MGA8-64-OK

Dave Hodgins 2022-01-14 22:32:19 CET
CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0014.html
Resolution: (none) => FIXED