Fedora has issued an advisory on January 25:
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127861.html

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Note to QA: there is a reproducer linked in the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1056699

Advisory:
========================

Updated mupdf packages fix security vulnerability:

A stack-based buffer overflow was found in mupdf's xps_parse_color() function. An attacker could create a specially crafted XPS file that, when opened, could cause mupdf or an application using mupdf to crash.

References:
http://seclists.org/fulldisclosure/2014/Jan/130
https://lists.fedoraproject.org/pipermail/package-announce/2014-February/127861.html
========================

Updated packages in core/updates_testing:
========================
mupdf-1.1-3.1.mga3
libmupdf-devel-1.1-3.1.mga3
mupdf-1.2-2.1.mga4
libmupdf-devel-1.2-2.1.mga4

from SRPMS:
mupdf-1.1-3.1.mga3.src.rpm
mupdf-1.2-2.1.mga4.src.rpm
Whiteboard: (none) => MGA3TOO
The reproducer listed in the Red Hat bug is for Windows (launches calc.exe). Testing general use, starting with mga4-32.
CC: (none) => wrw105
Tested mga4-32. Opens PDFs, 1 page per launch. Attempting to open the exploit shows a limit in colors, which is what the fix is supposed to do, according to the Fedora bug.
Whiteboard: MGA3TOO => MGA3TOO mga4-32-ok
Tested mga4-64 as above, all OK.
Whiteboard: MGA3TOO mga4-32-ok => MGA3TOO mga4-32-ok mga4-64-ok
mga3-64 tested, all OK
Whiteboard: MGA3TOO mga4-32-ok mga4-64-ok => MGA3TOO mga4-32-ok mga4-64-ok mga3-64-ok
mga3-32 tested. All OK. Ready to validate when advisory is uploaded to svn.
Whiteboard: MGA3TOO mga4-32-ok mga4-64-ok mga3-64-ok => MGA3TOO mga4-32-ok mga4-64-ok mga3-64-ok mga3-32-ok
Thanks Bill :) Advisory uploaded. Validating. Could sysadmin please push from 3 & 4 core/updates_testing to updates? Thanks
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO mga4-32-ok mga4-64-ok mga3-64-ok mga3-32-ok => MGA3TOO advisory has_procedure mga4-32-ok mga4-64-ok mga3-64-ok mga3-32-ok
Update pushed: http://advisories.mageia.org/MGASA-2014-0041.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
This has been assigned CVE-2014-2013: http://openwall.com/lists/oss-security/2014/02/18/2
Summary: mupdf new buffer overflow security issue => mupdf new buffer overflow security issue (CVE-2014-2013)