Debian has issued an advisory on January 24:
https://www.debian.org/security/2018/dsa-4095

The issue was fixed upstream in 1.0.

The upstream commit that fixed it is linked from here:
https://security-tracker.debian.org/tracker/CVE-2018-5345

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since the registered maintainer for this package seems unavailable.

@ Oden
Please reassign to yourself if I'm wrong about that!
CC: (none) => marja11, oe
Assignee: bugsquad => pkg-bugs
The issue was also fixed in the 0.8 release. Cauldron is not affected.
Version: Cauldron => 6
Source RPM: gcab-0.8-1.mga7.src.rpm => gcab-0.7-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Patched packages uploaded for Mageia 5 and Mageia 6.

Advisory:
========================

Updated gcab packages fix security vulnerabilities:

It was discovered that gcab is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially, the execution of arbitrary code with the privileges of the user running gcab, if a specially crafted .cab file is processed (CVE-2018-5345).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5345
https://www.debian.org/security/2018/dsa-4095
========================

Updated packages in core/updates_testing:
========================
gcab-0.4-6.1.mga5
libgcab1.0_0-0.4-6.1.mga5
libgcab-gir1.0-0.4-6.1.mga5
libgcab-devel-0.4-6.1.mga5
gcab-0.7-1.1.mga6
libgcab1.0_0-0.7-1.1.mga6
libgcab-gir1.0-0.7-1.1.mga6
libgcab-devel-0.7-1.1.mga6

from SRPMS:
gcab-0.4-6.1.mga5.src.rpm
gcab-0.7-1.1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
Whiteboard: (none) => MGA5TOO
Testing M5/64

There is no PoC.

BEFORE update, installed:
gcab-0.4-6.mga5
lib64gcab1.0_0-0.4-6.mga5
lib64gcab-gir1.0-0.4-6.mga5
and the following commands from a randomly populated directory showed use of lib64gcab1.0_0 only for all main operations:

1. Create a CAB file:
$ strace gcab -cv cabfile.cab * 2>&1 | grep libgcab
open("/lib64/libgcab-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3

2. List it:
$ strace gcab -tv cabfile.cab 2>&1 | grep libgcab
open("/lib64/libgcab-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3

3. Extract it to a lower-level directory:
$ mkdir tmp
$ strace gcab -xv -C tmp cabfile.cab 2>&1 | grep libgcab
open("/lib64/libgcab-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
whose contents were the same as the original.

AFTER update:
- gcab-0.4-6.1.mga5.x86_64
- lib64gcab-gir1.0-0.4-6.1.mga5.x86_64
- lib64gcab1.0_0-0.4-6.1.mga5.x86_64

1. Create a CAB file:
$ gcab -cv cabfile.cab *
...
List of files as archived.

2. List the archive:
$ gcab -tv cabfile.cab
...
The same file list.

3. Extract it to another directory:
$ mkdir tmp
$ gcab -xv -C tmp cabfile.cab
...
The files listed as extracted. Final directory same as the original.

Update OK for M5, advisorying.
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
Keywords: (none) => advisory
Mageia 6 :: x86_64

Thanks to Lewis for pathfinding.
Installed and exercised the utility before updating.

Updated:
- gcab-0.7-1.1.mga6.x86_64
- lib64gcab-devel-0.7-1.1.mga6.x86_64
- lib64gcab-gir1.0-0.7-1.1.mga6.x86_64
- lib64gcab1.0_0-0.7-1.1.mga6.x86_64

Followed tests detailed in comment 4.

$ cd Documents
$ gcab -cv odt.cab *.odt
$ ll *.cab
-rw-r--r-- 1 lcl lcl 12942584 Feb 5 07:53 odt.cab
$ gcab -tv odt.cab
abbreviations.odt
Apology.odt
audit_tasklist.odt
....
TV_Licence.odt
Untitled 1.odt
wingandaprayer.odt
$ mkdir tests
$ gcab -xv -C tests odt.cab
$ ls tests
abbreviations.odt Front_1.odt parkingcharge_2.odt
............................
flooding.odt openjpeg.odt wingandaprayer.odt

Working for x86_64.
CC: (none) => tarazed25
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0111.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED