A security issue fixed upstream in Hylafax+ has been announced:
The issue was fixed upstream in 5.6.1.
Debian has issued an advisory for this on September 20:
Done for mga6!
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Also CC'ing some committers.
cjw, marja11, smelror
(In reply to David GEIGER from comment #1)
> Done for mga6!
Thanks, David, and sorry for having missed that (it's still early).
Assigning to you then, because there's no advisory etc. yet.
Updated hylafax+ packages fix security vulnerability:
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input
sanitising in the Hylafax fax software could potentially result in the
execution of arbitrary code via a malformed fax message (CVE-2018-17141).
Updated packages in core/updates_testing:
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
No fax available here, trying hylafax service
# systemctl start hylafax-faxq
# systemctl -l status hylafax-faxq
● hylafax-faxq.service - HylaFAX faxq (job scheduler service)
Loaded: loaded (/usr/lib/systemd/system/hylafax-faxq.service; enabled; vendor preset: enabled
Active: inactive (dead)
Condition: start condition failed at di 2018-10-23 11:30:07 CEST; 4s ago
ConditionPathExists=/var/spool/hylafax/etc/setup.cache was not met
which is fair enough as faxsetup.linux has not been run
Printing is not affected, so I will not object OK if anyone else can test the fax functionality.
Using the new QA Repo tool with this update would have been easier if there had been a separate list for each arch in Comment 4.
I installed the original hylafax packages, and then updated using Mageia Update. Packages installed cleanly. Since no one seems to have the hardware needed to test this, OKing and validating on the basis of clean installation. Suggested advisory in Comment 4.
Advisoried from comment 4.
An update for this issue has been pushed to the Mageia Updates repository.