Fedora has issued an advisory today (December 19):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M3U4WCFHXI3CPXBAGROGSUWCMG2M4FFG/

They added a patch:
http://pkgs.fedoraproject.org/cgit/rpms/libextractor.git/plain/7cc63b001ceaf81143795321379c835486d0c92e.patch?id=a98c36b2bad10707da66264266567695c65c342c

Mageia 5 and Mageia 6 are also affected.
CC: (none) => geiger.david68210
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => anssi.hannula
Advisory:
========================

Updated libextractor packages fix security vulnerability:

GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c (CVE-2017-17440).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17440
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M3U4WCFHXI3CPXBAGROGSUWCMG2M4FFG/
========================

Updated packages in core/updates_testing:
========================
extract-1.6-1.1.mga5
libextractor-common-1.6-1.1.mga5
libextractor3-1.6-1.1.mga5
libextractor_common1-1.6-1.1.mga5
libextractor-devel-1.6-1.1.mga5
extract-1.6-1.1.mga6
libextractor-common-1.6-1.1.mga6
libextractor3-1.6-1.1.mga6
libextractor_common1-1.6-1.1.mga6
libextractor-devel-1.6-1.1.mga6

from SRPMS:
libextractor-1.6-1.1.mga5.src.rpm
libextractor-1.6-1.1.mga6.src.rpm
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: anssi.hannula => qa-bugs
Version: Cauldron => 6
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
Tried the command

$ extract 1973.jpg
Trefwoorden voor bestand 1973.jpg:
MIME-type - image/jpeg
afbeeldingsafmetingen - 2904x4208
opmerking - Created with GIMP

$ extract P7212389.ORF
Trefwoorden voor bestand P7212389.ORF:
MIME-type - image/x-olympus-orf

$ extract kursustekst.pdf
Trefwoorden voor bestand kursustekst.pdf:
MIME-type - application/pdf
door software geproduceerd - GPL Ghostscript 9.22
aanmaakdatum - Wed Nov 29 15:19:20 2017
wijzigingsdatum - Wed Nov 29 15:19:20 2017
aantal bladzijden - 84
encoder-versie - 1.4

$ extract POWERPOINT\ Aperitiefontmoeting.odp
Trefwoorden voor bestand POWERPOINT Aperitiefontmoeting.odp:
MIME-type - application/vnd.oasis.opendocument.presentation
ingebedde bestandsnaam - mimetype
ingebedde bestandsnaam - Thumbnails/thumbnail.png
ingebedde bestandsnaam - meta.xml
ingebedde bestandsnaam - settings.xml
ingebedde bestandsnaam - Pictures/TablePreview1.svm
ingebedde bestandsnaam - Configurations2/floater/
ingebedde bestandsnaam - Configurations2/accelerator/current.xml
ingebedde bestandsnaam - Configurations2/toolpanel/
ingebedde bestandsnaam - Configurations2/progressbar/
ingebedde bestandsnaam - Configurations2/statusbar/
ingebedde bestandsnaam - Configurations2/images/Bitmaps/
ingebedde bestandsnaam - Configurations2/popupmenu/
ingebedde bestandsnaam - Configurations2/menubar/
ingebedde bestandsnaam - Configurations2/toolbar/
ingebedde bestandsnaam - META-INF/manifest.xml
ingebedde bestandsnaam - content.xml
ingebedde bestandsnaam - styles.xml
indeling - ZIP 2.0 (uncompressed)
MIME-type - application/vnd.oasis.opendocument.presentation
door software gemaakt - LibreOffice/4.4.7.2$Linux_X86_64 LibreOffice_project/40$Build-2
onbekende datum - 2016-02-24T13:28:15.156288859
titel - PowerPoint-presentatie

Looks all good to me.
CC: (none) => herman.viaene
Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
Keywords: (none) => advisory
CC: (none) => davidwhodgins
Confirmed extract is working for various image formats. Validating the update.
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0043.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED