openSUSE has issued an advisory on March 30: https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html The issue is fixed upstream in 2.15. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11, smelrorAssignee: bugsquad => pkg-bugs
Updated by Nicolas. Thanks! Advisory: ======================== Updated links packages fix security vulnerability: Buffer over-read vulnerability in case of corrupted UTF-8 data (CVE-2017-11114). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html ======================== Updated packages in core/updates_testing: ======================== links-2.15-1.mga5 links-graphic-2.15-1.mga5 links-common-2.15-1.mga5 links-2.15-1.mga6 links-graphic-2.15-1.mga6 links-common-2.15-1.mga6 from SRPMS: links-2.15-1.mga5.src.rpm links-2.15-1.mga6.src.rpm
Version: Cauldron => 6CC: (none) => nicolas.salgueroWhiteboard: MGA6TOO, MGA5TOO => MGA5TOOAssignee: pkg-bugs => qa-bugs
Installed OK but is crashing in the quick tests I did. How to trigger the crash: 1. Execute "gdb links" 2. Run links with "run https://youtube.com/" 3. Change pages several times. 4. Press ESC to show menu. 5. Exit links. $ uname -a Linux marte 4.14.38-desktop-1.mga6 #1 SMP Mon Apr 30 13:15:08 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep links-.*2.15 | sort links-2.15-1.mga6 links-common-2.15-1.mga6 links-debuginfo-2.15-1.mga6 $ gdb links <SNIP> (gdb) run https://youtube.com/ <SNIP> INTERNAL ERROR at error.c:515: mem_free(NULL) Forcing core dump Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6afe818 in __GI_raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:55 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); (gdb) bt #0 0x00007ffff6afe818 in __GI_raise (sig=sig@entry=11) at ../sysdeps/unix/sysv/linux/raise.c:55 #1 0x000000000041956a in force_dump () at error.c:149 #2 int_error (m=m@entry=0x485bb3 "mem_free(NULL)") at error.c:229 #3 0x000000000041976d in mem_free (p=<optimized out>) at error.c:515 #4 0x0000000000414584 in free_cookie (c=c@entry=0x7be540) at cookies.c:31 #5 0x0000000000414d83 in free_cookies () at cookies.c:225 #6 0x00000000004044eb in terminate_all_subsystems () at main.c:563 #7 main (argc=<optimized out>, argv=<optimized out>) at main.c:738 (gdb)
CC: (none) => mageia
Browsing mirrors.mageia.org and a mirror with it worked fine. I was able to load youtube.com but when I exited it did say Segmentation fault. Mageia 5 x86_64.
Advisory: ======================== Updated links packages fix security vulnerability: Buffer over-read vulnerability in case of corrupted UTF-8 data (CVE-2017-11114). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html ======================== Updated packages in core/updates_testing: ======================== links-2.15-2.mga5 links-graphic-2.15-2.mga5 links-common-2.15-2.mga5 links-2.15-2.mga6 links-graphic-2.15-2.mga6 links-common-2.15-2.mga6 from SRPMS: links-2.15-2.mga5.src.rpm links-2.15-2.mga6.src.rpm
Status: NEW => ASSIGNED
Sorry, I made a mistake in the patch links-2.15-fix-segfault-on-loading-cookies.patch. Advisory: ======================== Updated links packages fix security vulnerability: Buffer over-read vulnerability in case of corrupted UTF-8 data (CVE-2017-11114). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11114 https://lists.opensuse.org/opensuse-updates/2018-03/msg00115.html ======================== Updated packages in core/updates_testing: ======================== links-2.15-3.mga5 links-graphic-2.15-3.mga5 links-common-2.15-3.mga5 links-2.15-3.mga6 links-graphic-2.15-3.mga6 links-common-2.15-3.mga6 from SRPMS: links-2.15-3.mga5.src.rpm links-2.15-3.mga6.src.rpm
Looks good on Mageia 5 x86_64.
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
After the last update the segfault is resolved. No issue found. Seems OK for Mageia 6 x86_64.
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0217.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED