Bug 20644 - ming new security issue CVE-2017-7578 (incomplete fix for CVE-2016-9831)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: has_procedure advisory MGA5-64-OK MGA...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-04-10 07:53 CEST by Marja Van Waes
Modified: 2017-04-29 23:02 CEST

See Also:
Source RPM:
CVE:
Status comment:


Attachments
Extended description of update test (4.10 KB, text/plain)
2017-04-15 10:32 CEST, Len Lawrence

Description Marja Van Waes 2017-04-10 07:53:43 CEST
Nicolas Salguero pushed ming-0.4.5-8.2.mga5 to 5 core/updates_testing last Friday.

Suggested Advisory:

======================================

The update fixes CVE-2017-7578:

Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7578

========================================

Updated packages in core/updates_testing:

========================================

    libming-devel-0.4.5-8.2.mga5.i586
    libming1-0.4.5-8.2.mga5.i586
    ming-utils-0.4.5-8.2.mga5.i586
    perl-SWF-0.4.5-8.2.mga5.i586
    python-SWF-0.4.5-8.2.mga5.i586

    lib64ming-devel-0.4.5-8.2.mga5.x86_64
    lib64ming1-0.4.5-8.2.mga5.x86_64
    ming-utils-0.4.5-8.2.mga5.x86_64
    perl-SWF-0.4.5-8.2.mga5.x86_64
    python-SWF-0.4.5-8.2.mga5.x86_64

from SRPM: 

    ming-0.4.5-8.2.mga5

Dave Hodgins 2017-04-15 00:45:35 CEST

Whiteboard: (none) => advisory
CC: (none) => davidwhodgins

Comment 1 Len Lawrence 2017-04-15 10:28:50 CEST
Testing this on real x86_64 and i586 virtualbox.

The report is rather long so it is provided as an attachment.

Summary: libming was already installed on the 64-bit machine.  Downloaded a reproducer image (SWF) and found that listing its contents causes the script to hang.  After the update, listing runs to completion, with an acknowledgement that the file contains trailing garbage.  Installed clash, a drawing and animation program which uses libming.  At a primitive level it works. 

OK for 64-bits.

CC: (none) => tarazed25

Len Lawrence 2017-04-15 10:29:12 CEST

Whiteboard: advisory => advisory MGA5-64-OK

Comment 2 Len Lawrence 2017-04-15 10:32:09 CEST
Created attachment 9201
Extended description of update test

Comment 3 Len Lawrence 2017-04-15 11:48:04 CEST
i586 virtualbox

Obtained the reproducer file and ran the pre and post update listswf tests as detailed for x86_64 and found identical results.  listaction used to analyze an existing NASA animation; it showed the actions and the placing of various objects.  Installed clash and played with it.  Looks OK.

OK for 32-bits.

Len Lawrence 2017-04-15 11:50:30 CEST

Whiteboard: advisory MGA5-64-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK

Comment 4 Dave Hodgins 2017-04-16 00:07:39 CEST
Validating the update.

Len, feel free to validate updates that have been tested on both arches.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2017-04-16 00:23:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0108.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 6 David Walser 2017-04-29 23:02:08 CEST
Several issues were announced as having been fixed in 0.4.8:
http://openwall.com/lists/oss-security/2017/04/29/

CC: (none) => luigiwalser

