Fedora has issued an advisory on September 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7RPEBFDVJJU7ZJ2OQIKR35QQENJC2EI3/

The issues are fixed upstream in 2.2.4.

Mageia 5 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
Assignee: bugsquad => rverschelde
CC: (none) => marja11
Updated to 2.2.4 in Cauldron by David Geiger.
Version: Cauldron => 6
CC: (none) => geiger.david68210
Whiteboard: MGA6TOO => (none)
Advisory:
========================

Updated discount packages fix security vulnerabilities:

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file (CVE-2018-11468).

DISCOUNT through version 2.2.3a is vulnerable to a Heap-based buffer-overflow in the markdown.c:isfootnote() function. An attacker could exploit this to cause a denial of service (CVE-2018-11503).

DISCOUNT through version 2.2.3a is vulnerable to a Heap-based buffer-overflow in the markdown.c:islist() function. An attacker could exploit this to cause a denial of service (CVE-2018-11504).

The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file (CVE-2018-12495).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12495
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7RPEBFDVJJU7ZJ2OQIKR35QQENJC2EI3/
========================

Updated packages in core/updates_testing:
========================
discount-2.2.4-1.mga6
libmarkdown2-2.2.4-1.mga6
libmarkdown-devel-2.2.4-1.mga6

from discount-2.2.4-1.mga6.src.rpm
Assignee: rverschelde => qa-bugs
I got a bogus e-mail from the build system:

The upload of the following packages failed:
- libmarkdown2-2.2.4-1.mga6.i586.rpm
- discount-debuginfo-2.2.4-1.mga6.x86_64.rpm
- lib64markdown2-2.2.4-1.mga6.x86_64.rpm
- libmarkdown-devel-2.2.4-1.mga6.i586.rpm
- lib64markdown-devel-2.2.4-1.mga6.x86_64.rpm
- discount-2.2.4-1.mga6.x86_64.rpm
- discount-2.2.4-1.mga6.i586.rpm
- discount-debuginfo-2.2.4-1.mga6.i586.rpm

Upload log available in http://pkgsubmit.mageia.org/uploads/rejected//6/core/updates_testing/20190101213410.luigiwalser.duvel.35658.youri
CC: (none) => sysadmin-bugs
MGA6-32 MATE on IBM Thinkpad R50e

No installation issues.

Googling on the command man pages I created a small txt file:

1. Bird
2. Mammal
3. Reptile

then at the CLI:

$ markdown mkdwnexmpl.txt > mkdwnexmpl.html

and got as result in the html file:

<ol>
<li>Bird</li>
<li>Mammal</li>
<li>Reptile</li>
</ol>

This seems OK as far as I understand.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Mageia 6, x86_64

There are test-case files posted against the CVEs, classified as issue1, issue2, etc.

CVE-2018-11468
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
$ discount-mkd2html issue1_testcase

CVE-2018-11503
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
$ discount-mkd2html issue2_testcase

CVE-2018-11504
https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
$ discount-mkd2html issue3_testcase

These all generated viable html code which could be displayed in a browser - cannot comment on the contents.

Upstream tests in an ASAN framework led to aborts. Plain tests here do not signal any problems so it is possible that these issues had been dealt with in versions prior to the update.
CC: (none) => tarazed25
Updated packages. All three produced this message:

getting information from /var/lib/urpmi/info.Core Updates Testing.xml.lzma
Argument "bold" isn't numeric in subroutine entry at /usr/lib/perl5/vendor_perl/5.22.3/Gtk3.pm line 1600.

The mkd2html tests produced the same results as before the update, as expected.

Copied Herman's test file and used markdown to generate the same output.

This is good for 64-bits as well.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Thank you both yet again. Validating, advisory from comment 3.
CC: (none) => lewyssmith
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0020.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED