Bug 29914

Summary: htmldoc new security issue CVE-2021-43579
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: htmldoc-1.9.8-1.3.mga8.src.rpm CVE: CVE-2021-43579
Status comment:

Description David Walser 2022-01-20 19:46:39 CET 
SUSE has issued an advisory on January 19:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html

The issue is fixed upstream in 1.9.14.

Mageia 8 is also affected.
David Walser 2022-01-20 19:47:20 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.9.14
CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2022-01-20 20:01:51 CET 
Do you mind doing this, NicolasS? You have done quite a number of CVEs for this SRPM.

CC: nicolas.salguero => (none)
Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2022-01-21 10:31:07 CET 
Suggested advisory:
========================

The updated packages fix a crash when clicking the button "Generate" and a security vulnerability:

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. (CVE-2021-43579)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43579
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html
========================

Updated packages in core/updates_testing:
========================
htmldoc-nogui-1.9.14-1.mga8
htmldoc-1.9.14-1.mga8

from SRPM:
htmldoc-1.9.14-1.mga8.src.rpm

Source RPM: htmldoc-1.9.8-4.mga9.src.rpm => htmldoc-1.9.8-1.3.mga8.src.rpm
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-43579
Status comment: Fixed upstream in 1.9.14 => (none)
Assignee: nicolas.salguero => qa-bugs

Comment 3 Thomas Andrews 2022-01-22 16:02:54 CET 
Updated the packages using qarepo, with no installation issues.

Tested using some html files of "Grokking the Gimp" that were downloaded so long ago that I don't remember doing it.

Tried the gui first, launched from the Plasma Tools menu. The crash from the "generate" button, which I had observed before, is fixed.

Tried the "nogui" next, on another html page, and produced a pdf of that page that looks just like the html page when viewed in Firefox.

It all looks good to me. Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-01-24 22:57:33 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2022-01-25 13:14:31 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0033.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED