Fedora has issued an advisory on September 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MTCY75EYOO4BLLLFW5MUZV6YAE5AVZTK/
The issue is fixed in 0.10.2. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Suggested advisory:
========================
The updated packages fix a security vulnerability:
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (CVE-2017-14226)
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14226
========================
Updated packages in 5/core/updates_testing:
========================
libwpd-tools-0.10.2-1.mga5
lib(64)wpd0.10_10-0.10.2-1.mga5
lib(64)wpd-devel-0.10.2-1.mga5
libwpd-doc-0.10.2-1.mga5
from SRPMS:
libwpd-0.10.2-1.mga5.src.rpm
Updated packages in 6/core/updates_testing:
========================
libwpd-tools-0.10.2-1.mga6
lib(64)wpd0.10_10-0.10.2-1.mga6
lib(64)wpd-devel-0.10.2-1.mga6
libwpd-doc-0.10.2-1.mga6
from SRPMS:
libwpd-0.10.2-1.mga6.src.rpm
CC: (none) => nicolas.salguero
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
Background
----------
No previous updates for libwpd. The bug is related mainly to LibreOffice.
Libwpd is a library for reading/writing WordPerfect files. It is designed to be used by another program (e.g.: a word processor) as an in-process component.
libwpd-tools: Tools to transform WordPerfect documents into other formats:
/usr/bin/wpd2html
/usr/bin/wpd2raw
/usr/bin/wpd2text
https://bugzilla.redhat.com/show_bug.cgi?id=1489337 has a PoC in Attachments (a .rar file and an extracted file, to clarify) and its use in Description.
Unable to find any sample WordPerfect files... I used to have loads!
CC: (none) => lewyssmith
Yes, I used to use WordPerfect long ago. I managed to locate one .wps file here, not .wpd though so it may be irrelevant.
CC: (none) => tarazed25
Correct. WPS is a Microsoft Works format so .wps is irrelevant.
MGA6-32 on Asus A6000VM MATE
No installation issues.
First used the POC file as indicated above in Comment 3 and used
$ strace -o libwpd.txt wpd2html POC1.wpd > POC1.html
to confirm that libwpd is called OK but as this file is crafted for some other issue, the display of the wpd file with OOWriter and of the resulting html file is not quite the same, so unsure if this is all OK.
Found another sample file at http://product.corel.com/en/WPO2002_Box/CorelTUTOR/WordPerfect/html_docs/popups/pop_fnt_download.htm having plain readable text. So
$ strace -o libwpd.txt wpd2html fnt_sample_file.wpd fnt_sample_file.html
This gives a good result in OOWriter, the wpd and html file display the same.
CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA6-32-OK
In VirtualBox, M6, Plasma, 64-bit
Package(s) under test:
lib64revenge0.0_0 libwpd-doc-0.10.1 libwpd-tools-0.10.1 lib64wpd0.10_10 lib64zlib1-1.2.11
default install of lib64revenge0.0_0 libwpd-doc-0.10.1 libwpd-tools-0.10.1 lib64wpd0.10_10 lib64zlib1-1.2.11
[root@localhost wilcal]# urpmi lib64revenge0.0_0
Package lib64revenge0.0_0-0.0.4-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libwpd-doc-0.10.1
Package libwpd-doc-0.10.1-2.mga6.noarch is already installed
[root@localhost wilcal]# urpmi libwpd-tools-0.10.1
Package libwpd-tools-0.10.1-2.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wpd0.10_10
Package lib64wpd0.10_10-0.10.1-2.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64zlib1-1.2.11
Package lib64zlib1-1.2.11-4.mga6.x86_64 is already installed
Using Herman's sample file and another I found ( 7.5MB ) I was able to open both with OpenOffice Writer.
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
install lib64revenge0.0_0 libwpd-doc-0.10.1 libwpd-tools-0.10.1 lib64wpd0.10_10 lib64zlib1-1.2.11 from updates_testing
[root@localhost wilcal]# urpmi lib64revenge0.0_0
Package lib64revenge0.0_0-0.0.4-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi libwpd-doc-0.10.1
Package libwpd-doc-0.10.1-2.mga6.noarch is already installed
[root@localhost wilcal]# urpmi libwpd-tools-0.10.1
Package libwpd-tools-0.10.1-2.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wpd0.10_10
Package lib64wpd0.10_10-0.10.2-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64zlib1-1.2.11
Package lib64zlib1-1.2.11-4.mga6.x86_64 is already installed
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
Both files edit and save as .odt files
CC: (none) => wilcal.int
(In reply to William Kenney from comment #7)
> In VirtualBox, M6, Plasma, 64-bit........
This make sense Herman?
In VirtualBox, M5, KDE, 32-bit
Package(s) under test:
librevenge0 libwpd-tools-0.10.1 libwpd0.10_10 libzlib1-1.2.8
default install of librevenge0 libwpd-tools-0.10.1 libwpd0.10_10 libzlib1-1.2.8
[root@localhost wilcal]# urpmi librevenge0
Package librevenge0-0.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwpd-tools-0.10.1
Package libwpd-tools-0.10.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwpd0.10_10
Package libwpd0.10_10-0.10.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libzlib1-1.2.8
Package libzlib1-1.2.8-7.1.mga5.i586 is already installed
Using Herman's sample file and another I found ( 7.5MB ) I was able to open both with OpenOffice Writer.
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
install librevenge0 libwpd-tools-0.10.1 libwpd0.10_10 libzlib1-1.2.8 from updates_testing
[root@localhost wilcal]# urpmi librevenge0
Package librevenge0-0.0.4-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwpd-tools-0.10.1
Package libwpd-tools-0.10.1-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libwpd0.10_10
Package libwpd0.10_10-0.10.2-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi libzlib1-1.2.8
Package libzlib1-1.2.8-7.1.mga5.i586 is already installed
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
Both files edit and save as .odt files
In VirtualBox, M5, KDE, 64-bit
Package(s) under test:
lib64revenge0 libwpd-tools lib64wpd0.10_10 lib64zlib1
default install of lib64revenge0 libwpd-tools lib64wpd0.10_10 lib64zlib1
[root@localhost wilcal]# urpmi lib64revenge0
Package lib64revenge0-0.0.4-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libwpd-tools
Package libwpd-tools-0.10.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wpd0.10_10
Package lib64wpd0.10_10-0.10.1-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64zlib1
Package lib64zlib1-1.2.8-7.1.mga5.x86_64 is already installed
Using Herman's sample file and another I found ( 7.5MB ) I was able to open both with OpenOffice Writer.
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
install lib64revenge0 libwpd-tools lib64wpd0.10_10 lib64zlib1 from updates_testing
[root@localhost wilcal]# urpmi lib64revenge0
Package lib64revenge0-0.0.4-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi libwpd-tools
Package libwpd-tools-0.10.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64wpd0.10_10
Package lib64wpd0.10_10-0.10.2-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64zlib1
Package lib64zlib1-1.2.8-7.1.mga5.x86_64 is already installed
wpd_sample_file_1.wpd opens and displays properly in OpenOffice Writer
wpd_sample_file_2.wpd opens and displays properly in OpenOffice Writer
Both files edit and save as .odt files
@ William I don't know what this librevenge is doing here, it is not in the list in Comment 2. Anyway, opening a .wpd file in LibreOffice Writer as I did, does not call on libwpd, it's one of the wpd commands - like wpd2html - which do. So I fear you missed the point????
Testing M6/64
https://bugzilla.redhat.com/attachment.cgi?id=1323059 "extracted from rar" is the PoC of interest, file POC1.wpd. The other attachment 'Triggered by "./wpd2html POC1"' is a rar file containing just the same thing, and called only POC1.
BEFORE the update: lib64wpd0.10_10-0.10.1-2.mga6 libwpd-tools-0.10.1-2.mga6
$ wpd2html POC1.wpd
Segmentation fault (core dumped)
-------------------------------------
AFTER the update: lib64wpd0.10_10-0.10.2-1.mga6.x86_64 libwpd-tools-0.10.2-1.mga6.x86_64
$ wpd2html POC1.wpd
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" >
<title></title>
... a whole page of HTML on the terminal
</p>
<hr>
</body>
</html>
The URL given in comment 6 (thanks Herman) is to a page with the URL to the actual WordPerfect sample file:
http://product.corel.com/en/WPO2002_Box/CorelTUTOR/WordPerfect/html_docs/popups/fnt_sample_file.wpd
$ wpd2html fnt_sample_file.wpd > fnt_sample_file.htm
Viewing the result in a Browser was fine. (Without the redirection, it spills out on the terminal).
$ strace wpd2html fnt_sample_file.wpd 2>&1 | grep wpd
included
open("/lib64/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = 3
Seems conclusive enough for an OK.
Whiteboard: MGA5TOO MGA6-32-OK => MGA5TOO MGA6-32-OK MGA6-64-OK
Keywords: (none) => advisory
Addendum
Doing after the update:
$ wpd2html POC1.wpd > POC.htm
and viewing the result in a browser - the page is in some oriental language!
Strace showed:
open("/lib64/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = 3
Testing M5/64
BEFORE update: libwpd-tools-0.10.1-1.mga5 lib64wpd0.10_10-0.10.1-1.mga5
$ wpd2html POC1.wpd
Segmentation fault
--------------------------------------
AFTER update:
- lib64wpd0.10_10-0.10.2-1.mga5.x86_64
- libwpd-tools-0.10.2-1.mga5.x86_64
$ wpd2html POC1.wpd > POC1.htm
No segfault. Viewing the output in a browser worked - oriental page.
Stracing it showed use of the library:
open("/lib64/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = 3
$ wpd2html fnt_sample_file.wpd > fnt_sample_file.htm
Viewing the output shows a good "Using WordPerfect documentation" page.
$ strace wpd2html fnt_sample_file.wpd 2>&1 | grep wpd
included opening the library:
open("/lib64/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = 3
OKing & validating (3/4 OKs).
Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA6-32-OK MGA6-64-OK => MGA5TOO MGA6-32-OK MGA6-64-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0358.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
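
The before/after check the testers ran by hand in this thread (segfault from wpd2html on 0.10.1, clean conversion on 0.10.2, library load confirmed through strace) can be scripted so each run is classified the same way. This is an added example, not part of the original thread; the function names are hypothetical, and the sample strace lines are constructed apart from the one open() line quoted in the comments above.

```shell
#!/bin/sh
# Added example: helpers for the manual regression check described in the thread.
# Function names are hypothetical; SAMPLE_STRACE is constructed sample data.

# run_status CMD [ARGS...]
# Runs CMD with its output discarded and prints how it ended:
#   ok          exit status 0
#   error:N     non-zero exit status N (the program rejected the input itself)
#   crash:NAME  terminated by signal NAME (shell status 128 + signal number)
run_status() {
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -gt 128 ]; then
        sig=$((rc - 128))
        # kill -l maps a signal number back to its name, e.g. 11 -> SEGV
        name=$(kill -l "$sig" 2>/dev/null) || name=$sig
        echo "crash:$name"
    else
        echo "error:$rc"
    fi
}

# opened_libs NAME   (strace output, without -f, on stdin)
# Prints each path containing NAME that open()/openat() opened successfully.
# Failed search-path probes (= -1 ENOENT) are skipped. Searching for "libwpd"
# rather than "wpd" keeps the .wpd input file itself out of the result.
opened_libs() {
    grep -E '^(open|openat)\(' |
    grep -E '\) = [0-9]+$' |
    sed -n 's/^[^"]*"\([^"]*\)".*/\1/p' |
    grep -F -- "$1" | sort -u
}

# Constructed sample: one failed probe, the successful load, and the input file.
SAMPLE_STRACE='open("/usr/lib64/tls/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/libwpd-0.10.so.10", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "fnt_sample_file.wpd", O_RDONLY) = 3'

# Stand-alone use: sh check.sh wpd2html POC1.wpd   -> prints ok / error:N / crash:NAME
if [ "$#" -gt 0 ]; then run_status "$@"; fi
```

On a test machine, `strace wpd2html fnt_sample_file.wpd 2>&1 | opened_libs libwpd` gives the library path actually loaded, which is the evidence the testers pulled out with grep.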