Upstream has released 0.21.8 which should fix the remaining crasher issues:
http://openwall.com/lists/oss-security/2014/12/22/4

This is a follow-up to Bug 14783.

Hopefully it also fixes the issue in this post, which hadn't been addressed by the previous update:
http://openwall.com/lists/oss-security/2014/12/11/11

Advisory:
========================

Updated unrtf package fixes security vulnerability:

Hanno Böck also reported a number of other crashes in unrtf besides the ones associated with CVE-2014-9275. These could allow a denial of service when opening a malicious malformed RTF file which causes unrtf to crash.

References:
http://openwall.com/lists/oss-security/2014/12/22/4
========================

Updated package in core/updates_testing:
========================
unrtf-0.21.8-1.mga4

from unrtf-0.21.8-1.mga4.src.rpm
Created attachment 5758
RTF sample test file

Testing on Mageia 4x32 real hardware

From current package :
--------------------
unrtf-0.21.7-1.mga4

First with PoC
$ perl -e 'print "{" x 100000' > test2.rtf
$ unrtf test2.rtf
Erreur de segmentation

Then with a rtfsampletest.rtf written in LibreOffice (in attachment)
$ unrtf rtfsampletest.rtf
outputs in html format. If output copied to a html file, opens in browser ok.
$ unrtf --text rtfsampletest.rtf
outputs in ASCII characters

To updated testing package :
--------------------------
unrtf-0.21.8-1.mga4

$ perl -e 'print "{" x 100000' > test3.rtf
$ unrtf test3.rtf
Warning: Max group depth reached
(...)
gives a warning but no segmentation fault.

$ unrtf rtfsampletest.rtf
outputs in html format. If output copied to a html file, opens in browser ok.
$ unrtf --text rtfsampletest.rtf
### Translation from RTF performed by UnRTF, version 0.21.8
### font table contains 13 fonts total
### creation date: 24 December 2014 10:22
### revision date:
### last printed:
### comments: LibreOffice
-----------------
Error (line 71): output personality lacks sufficient font size change capability

It can't output my sample rtf test in ASCII characters anymore.
New version resolves the bug (segfault) but produces a regression on my installation.
CC: (none) => olchal
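The test steps in the comment above, written as a repeatable check. This is an added shell example, not part of the bug report or of unrtf; the UNRTF variable and the function names are assumptions, and exit statuses above 128 are treated as death by signal, which is the shell convention rather than anything unrtf documents.

```shell
#!/bin/sh
# Added example, not part of the bug report. UNRTF is an assumed variable
# naming the unrtf binary under test; the function names are hypothetical.
UNRTF="${UNRTF:-unrtf}"

# Run a command, save its output to $OUT, and print how it ended:
# "ok", "error:<status>" or "crash:<signal>". Always returns 0.
classify_run() {
    status=0
    "$@" >"${OUT:-/dev/null}" 2>&1 || status=$?
    if [ "$status" -gt 128 ]; then
        # Shells report death by signal N as 128+N (SIGSEGV: 128+11 = 139).
        echo "crash:$((status - 128))"
    elif [ "$status" -ne 0 ]; then
        echo "error:$status"
    else
        echo "ok"
    fi
}

# Write $2 opening braces to file $1 (the nesting input used in the comment).
make_deep_rtf() {
    awk -v n="$2" 'BEGIN { for (i = 0; i < n; i++) printf "{" }' >"$1"
}

# Check one build against sample document $1. Returns 0 only if deep nesting
# does not kill unrtf and --text converts the sample without an error line.
check_unrtf() {
    dir=$(mktemp -d) || return 2
    OUT="$dir/out"
    make_deep_rtf "$dir/deep.rtf" 100000
    deep=$(classify_run "$UNRTF" "$dir/deep.rtf")
    text=$(classify_run "$UNRTF" --text "$1")
    # The regression reported above showed up as an "Error (line N):" message.
    if [ "$text" = "ok" ] && grep -q '^Error (line' "$OUT"; then
        text="error:message"
    fi
    rm -rf "$dir"
    echo "deep-nesting: $deep"
    echo "text-output:  $text"
    case "$deep" in crash:*) return 1 ;; esac
    [ "$text" = "ok" ]
}
```

Source the file and call `check_unrtf rtfsampletest.rtf` once per installed package version to compare the results.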
Thanks Olivier. Would you mind reporting the regression upstream? http://savannah.gnu.org/projects/unrtf/
Whiteboard: (none) => feedback
(In reply to David Walser from comment #2)
> Thanks Olivier.
>
> Would you mind reporting the regression upstream?
> http://savannah.gnu.org/projects/unrtf/

Done David!
Thanks Olivier! http://savannah.gnu.org/bugs/?43888
Regression fixed upstream in 0.21.9. Freeze push requested for Cauldron. unrtf-0.21.9-1.mga4 from unrtf-0.21.9-1.mga4.src.rpm uploaded for Mageia 4.
Whiteboard: feedback => (none)
Testing done with Mga4 64 & 32, no issues found. I validate this. Sysadmins, push to updates.
CC: (none) => ozkyster, sysadmin-bugs
Whiteboard: (none) => MGA4-64-OK MGA4-32-OK
Keywords: (none) => validated_update
Do you want to add anything to the advisory David?
No, this one's ready to go. They do need to push it in Cauldron also.
Advisory from comment 0 with srpm from comment 5 uploaded.
Whiteboard: MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0016.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/629243/