Bug 21302 - catdoc new security issue CVE-2017-11110
Summary: catdoc new security issue CVE-2017-11110
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5TOO has_procedure mga6-6...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-07-20 12:19 CEST by David Walser
Modified: 2017-08-03 21:06 CEST

See Also:
Source RPM: catdoc-0.95-1.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2017-07-20 12:19:23 CEST
openSUSE has issued an advisory on July 19:
https://lists.opensuse.org/opensuse-updates/2017-07/msg00076.html

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-07-20 12:20:24 CEST

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-07-21 20:51:16 CEST
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => mageia

Comment 2 David Walser 2017-07-29 23:48:07 CEST
Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron.

Advisory:
========================

Updated catdoc package fixes security vulnerability:

Attackers may have used specially crafted files to cause a denial of service
through a heap-based buffer under-flow and application crash, or have
unspecified other impact (CVE-2017-11110).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
https://lists.opensuse.org/opensuse-updates/2017-07/msg00076.html
========================

Updated packages in core/updates_testing:
========================
catdoc-0.95-1.1.mga5
catdoc-0.95-1.1.mga6

from SRPMS:
catdoc-0.95-1.1.mga5.src.rpm
catdoc-0.95-1.1.mga6.src.rpm

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
Assignee: mageia => qa-bugs

Comment 3 claire robinson 2017-07-30 14:28:50 CEST
Testing complete mga6 64

$ catdoc <some .doc file>
..
Text of the doc file
..

Whiteboard: MGA5TOO => MGA5TOO has_procedure mga6-64-ok

Comment 4 Len Lawrence 2017-08-02 23:59:16 CEST
Adding this for completeness.
x86_64  Mate
Found a POC for CVE-2017-11110.
Before the update it triggered a stack dump and aborted.

Afterwards:
$ catdoc heap_overflow
sectorSize < 4 not supported
Broken OLE file. Try using -b switch.
Using the -b switch produces a load of indecipherable text.

CC: (none) => tarazed25

Comment 5 Len Lawrence 2017-08-03 00:33:06 CEST
mga5   x86_64
PoC file for CVE-2017-11110 downloaded from https://bugzilla.redhat.com/show_bug.cgi?id=1468471
Before update:
$ catdoc heap_overflow
*** Error in `catdoc': munmap_chunk(): invalid pointer: 0x0000000001118110 ***
<...backtrace...>
Aborted

After updating:
$ catdoc heap_overflow
sectorSize < 4 not supported
Broken OLE file. Try using -b switch

$ catdoc whatever.doc
Output clear text.
Len Lawrence 2017-08-03 00:33:45 CEST

Whiteboard: MGA5TOO has_procedure mga6-64-ok => MGA5TOO has_procedure mga6-64-ok MGA5-64-OK

Rémi Verschelde 2017-08-03 09:45:08 CEST

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Rémi Verschelde 2017-08-03 18:55:10 CEST

Whiteboard: MGA5TOO has_procedure mga6-64-ok MGA5-64-OK => advisory MGA5TOO has_procedure mga6-64-ok MGA5-64-OK

Comment 6 Mageia Robot 2017-08-03 21:06:41 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0240.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

