OpenSuSE has issued an advisory on February 2: http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html More information is in the Novell bug and an oss-security post: https://bugzilla.suse.com/show_bug.cgi?id=912214 http://openwall.com/lists/oss-security/2015/02/03/12 The referenced Debian bug also has a PoC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773041 cabextract is in SVN for Mageia 4 and Cauldron. Freeze push requested. Reproducible: Steps to Reproduce:
Updated packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated cabextract packages fix security vulnerability: Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is embedded in cabextract. A specially crafted cab file can cause cabextract to hang forever. If cabextract is exposed to any remotely-controlled user input, this issue can cause a denial-of-service (CVE-2014-9556). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556 http://lists.opensuse.org/opensuse-updates/2015-02/msg00004.html ======================== Updated packages in core/updates_testing: ======================== cabextract-1.5-1.mga4 from cabextract-1.5-1.mga4.src.rpm
Assignee: bugsquad => qa-bugs
PoC file hang.cab is attached to this Debian bug message: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772891#3 Before: $ cabextract hang.cab Extracting cabinet: hang.cab extracting limerick ^C # (had to kill it because it hung in an infinite loop) After: $ cabextract hang.cab Extracting cabinet: hang.cab extracting limerick limerick: error in CAB data format All done, errors in processing 1 file(s) Mageia 4 i586 testing complete.
Whiteboard: (none) => has_procedure MGA4-32-OK
In VirtualBox, M4, KDE, 64-bit Package(s) under test: cabextract default install of cabextract [root@localhost Downloads]# urpmi cabextract Package cabextract-1.4-4.mga4.x86_64 is already installed [wilcal@localhost Downloads]$ cabextract hang.cab Extracting cabinet: hang.cab extracting limerick ^C hangs in infinite loop install cabextract from updates_testing [root@localhost wilcal]# urpmi cabextract Package cabextract-1.5-1.mga4.x86_64 is already installed [wilcal@localhost Downloads]$ cabextract hang.cab Extracting cabinet: hang.cab extracting limerick limerick: error in CAB data format All done, errors in processing 1 file(s) Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Advisory uploaded.
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure advisory MGA4-32-OK MGA4-64-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0052.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
*** Bug 15211 has been marked as a duplicate of this bug. ***
CC: (none) => thomas