OpenSuSE has issued an advisory on June 11: http://lists.opensuse.org/opensuse-updates/2015-06/msg00024.html
Patch checked into Mageia 4 and Cauldron SVN. Freeze push requested.
Whiteboard: (none) => MGA5TOO, MGA4TOO
Patched packages uploaded for Mageia 4 and Cauldron. Note to QA: this package is used by php-tidy, which you can test with the PHP update.

Advisory:
========================
Updated tidy packages fix security vulnerability:

A heap-based buffer overflow in tidy could have unspecified impact when processing user-supplied input.

References:
http://lists.opensuse.org/opensuse-updates/2015-06/msg00024.html
========================
Updated packages in core/updates_testing:
========================
tidy-20090904-6.1.mga4
libtidy0.99_0-20090904-6.1.mga4
libtidy-devel-20090904-6.1.mga4

from tidy-20090904-6.1.mga4.src.rpm
Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => (none)
It is also used by the Web Page Validator plugin in Konqueror, documented here: https://docs.kde.org/stable4/en/applications/konqueror/konq-plugin.html
CVE request: http://openwall.com/lists/oss-security/2015/06/04/2
I'm going to test this bug on MGA4-x86-64. Stay tuned.
CC: (none) => shlomif
The PoC (= Proof-of-Concept) in the CVE Request link from comment #3 gives me an "Out of memory" exception before the update and is handled fine after the update from updates_testing. Adding MGA4-64-OK.
Whiteboard: (none) => MGA4-64-OK
Gonna test on MGA4-i586. Stay tuned.
MGA4-32-OKing this. Same results as MGA4-x86-64.
Whiteboard: MGA4-64-OK => MGA4-64-OK MGA4-32-OK
Advisory committed to svn. Someone from the sysadmin team please push 16114 to updates for Mageia 4.
Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK MGA4-32-OK => MGA4-64-OK MGA4-32-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0257.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
CVE-2015-5522 and CVE-2015-5523 assigned: http://www.openwall.com/lists/oss-security/2015/07/15/3
Summary: tidy new heap-based buffer overflow security issue fixed upstream => tidy new heap-based buffer overflow security issue fixed upstream (CVE-2015-552[23])
LWN reference with the CVEs; I've asked them to merge them: http://lwn.net/Vulnerabilities/651765/