A security issue fixed upstream in Hylafax+ has been announced:
https://www.openwall.com/lists/oss-security/2018/09/20/1
The issue was fixed upstream in 5.6.1.
Debian has issued an advisory for this on September 20:
https://www.debian.org/security/2018/dsa-4298
CC: (none) => geiger.david68210
Done for mga6!
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers.
CC: (none) => cjw, marja11, smelror
Assignee: bugsquad => pkg-bugs
(In reply to David GEIGER from comment #1)
> Done for mga6!
Thanks, David, and sorry for having missed that (It's still early)
Assigning to you then, because there's no advisory etc. yet.
Assignee: pkg-bugs => geiger.david68210
Advisory:
========================
Updated hylafax+ packages fix security vulnerability:
Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message (CVE-2018-17141).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17141
https://www.debian.org/security/2018/dsa-4298
========================
Updated packages in core/updates_testing:
========================
hylafax+-5.6.1-1.mga6
hylafax+-client-5.6.1-1.mga6
libhylafax+5-5.6.1-1.mga6
libhylafax+-devel-5.6.1-1.mga6
from hylafax+-5.6.1-1.mga6.src.rpm
Assignee: geiger.david68210 => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
No fax available here, trying hylafax service
# systemctl start hylafax-faxq
# systemctl -l status hylafax-faxq
● hylafax-faxq.service - HylaFAX faxq (job scheduler service)
   Loaded: loaded (/usr/lib/systemd/system/hylafax-faxq.service; enabled; vendor preset: enabled
   Active: inactive (dead)
Condition: start condition failed at di 2018-10-23 11:30:07 CEST; 4s ago
           ConditionPathExists=/var/spool/hylafax/etc/setup.cache was not met
which is fair enough as faxsetup.linux has not been run
Printing is not affected, so I will not object OK if anyone else can test the fax functionality.
CC: (none) => herman.viaene
Using the new QA Repo tool with this update would have been easier if there had been a separate list for each arch in Comment 4. I installed the original hylafax packages, and then updated using Mageia Update. Packages installed cleanly. Since no one seems to have the hardware needed to test this, OKing and validating on the basis of clean installation. Suggested advisory in Comment 4.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Advisoried from comment 4.
CC: (none) => lewyssmith
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0456.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED