Bug 21046 - raptor2 two new heap overflow security issues fixed upstream (CVE-2017-18926)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA5-32-OK
Keywords: advisory, validated_update
Reported: 2017-06-08 03:07 CEST by David Walser
Modified: 2020-11-11 00:17 CET

Source RPM: raptor2-2.0.15-1.mga5.src.rpm

Description David Walser 2017-06-08 03:07:30 CEST
An upstream fix for two heap overflows in raptor2 has been announced:
http://openwall.com/lists/oss-security/2017/06/07/1

Freeze push requested for Cauldron.

Patch added in Mageia 5 SVN.

Comment 1 Marja Van Waes 2017-06-08 23:19:08 CEST
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2017-12-28 06:12:03 CET
Advisory:
========================

Updated raptor2 packages fix security vulnerabilities:

The raptor2 package has been patched to fix two heap buffer overflows.

References:
http://openwall.com/lists/oss-security/2017/06/07/1
========================

Updated packages in core/updates_testing:
========================
raptor2-2.0.15-1.1.mga5
libraptor2_0-2.0.15-1.1.mga5
libraptor2-devel-2.0.15-1.1.mga5

from raptor2-2.0.15-1.1.mga5.src.rpm

Assignee: pkg-bugs => qa-bugs

Comment 3 Lewis Smith 2017-12-30 12:00:21 CET
To prioritise.

Dave Hodgins 2017-12-31 12:56:34 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 4 Herman Viaene 2018-01-02 15:48:14 CET
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Downloaded some rdf example files from https://www.w3.org/2000/10/rdf-tests/ and tried one.
$ rapper ms_4.1_1.rdf 
rapper: Parsing URI file:///home/tester5/Downloads/rdf/ms_4.1_1.rdf with parser rdfxml
rapper: Serializing with serializer ntriples
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#subject> <http://www.w3.org/Home/Lassila> .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#predicate> <http://description.org/schema/Creator> .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#object> "Ora Lassila" .
_:genid1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <http://www.w3.org/1999/02/22-rdf-syntax-ns#Statement> .
_:genid1 <http://description.org/schema/attributedTo> "Ralph Swick" .
rapper: Parsing returned 5 triples
Looks OK

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Lewis Smith 2018-01-03 10:44:08 CET

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 5 Mageia Robot 2018-01-03 11:33:14 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0028.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 6 David Walser 2020-11-11 00:17:25 CET
This is CVE-2017-18926:
https://www.debian.org/security/2020/dsa-4785

Summary: raptor2 two new heap overflow security issues fixed upstream => raptor2 two new heap overflow security issues fixed upstream (CVE-2017-18926)

