Fedora has issued an advisory on October 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWZHBV4B3VZTM4ACXQMZKSLTIKFJUUO/

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11, smelror
Patched package uploaded for cauldron and Mageia 6.

Advisory:
========================

Updated opencc package fixes security vulnerability:

It was discovered that opencc contained an out of bounds pointer in BinaryDict.cpp which could lead to segment fault and a Denial of Service (CVE-2018-16982).

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GDWZHBV4B3VZTM4ACXQMZKSLTIKFJUUO/
https://github.com/BYVoid/OpenCC/issues/303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16982
========================

Updated packages in core/updates_testing:
========================
lib64opencc2-1.0.3-3.1.mga6
lib64opencc-devel-1.0.3-3.1.mga6
opencc-1.0.3-3.1.mga6

from opencc-1.0.3-3.1.mga6.src.rpm
CC: (none) => mrambo
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Mageia 6, x86_64

CVE-2018-16982
https://github.com/BYVoid/OpenCC/issues/303

$ opencc_dict -i keyoffsetPOC -o temp.txt -f ocd -t text
Segmentation fault (core dumped)
$ opencc_dict -i ValueOffsetPOC -o temp.txt -f ocd -t text
Segmentation fault (core dumped)

Clean update of the packages.
Ran the POC tests again.

$ opencc_dict -i keyoffsetPOC -o temp.txt -f ocd -t text
Invalid format: Invalid OpenCC binary dictionary (keyOffset)
$ opencc_dict -i ValueOffsetPOC -o temp.txt -f ocd -t text
Invalid format: Invalid OpenCC binary dictionary (valueOffset)

opencc has a --help facility but not knowing anything about input file formats I left this alone.
Clean update and positive POC tests so this is OK for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
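
Added example, not part of the bug report and not OpenCC's code: a minimal sketch of the bug class named in the advisory (an offset read from an untrusted file used to form a pointer) and a bounds check that rejects the file with an error instead of crashing. The record layout, the sample pools and the names OffsetPair, CheckedString, LoadEntries and TryLoad are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Constructed layout (not OpenCC's real .ocd format): two pools of
// NUL-terminated strings plus a table of offsets read from an untrusted file.
struct OffsetPair { uint64_t keyOffset; uint64_t valueOffset; };

// Constructed sample pools: keys "a", "bc"; values "x", "y".
const std::vector<char> kKeys = {'a', '\0', 'b', 'c', '\0'};
const std::vector<char> kValues = {'x', '\0', 'y', '\0'};

// Returns the string at `offset`; throws if the offset lies outside the pool
// or no terminating NUL exists before the end of the pool. Using
// `pool.data() + offset` without these checks is the out-of-bounds pointer.
static std::string CheckedString(const std::vector<char>& pool,
                                 uint64_t offset, const std::string& field) {
  const std::string err = "Invalid binary dictionary (" + field + ")";
  if (offset >= pool.size()) throw std::runtime_error(err);
  const char* start = pool.data() + offset;
  const void* nul = std::memchr(start, '\0', pool.size() - offset);
  if (nul == nullptr) throw std::runtime_error(err);
  return std::string(start, static_cast<const char*>(nul));
}

// Resolves every table row, rejecting the whole input on the first bad offset.
std::vector<std::pair<std::string, std::string>> LoadEntries(
    const std::vector<char>& keyPool, const std::vector<char>& valuePool,
    const std::vector<OffsetPair>& table) {
  std::vector<std::pair<std::string, std::string>> out;
  for (const OffsetPair& p : table) {
    std::string key = CheckedString(keyPool, p.keyOffset, "keyOffset");
    std::string value = CheckedString(valuePool, p.valueOffset, "valueOffset");
    out.emplace_back(std::move(key), std::move(value));
  }
  return out;
}

// Returns an empty string on success, otherwise the rejection message.
std::string TryLoad(const std::vector<char>& keyPool,
                    const std::vector<char>& valuePool,
                    const std::vector<OffsetPair>& table) {
  try { LoadEntries(keyPool, valuePool, table); return ""; }
  catch (const std::runtime_error& e) { return e.what(); }
}

int main() {
  std::cout << TryLoad(kKeys, kValues, std::vector<OffsetPair>{{5, 0}}) << "\n";
}
```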
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisoried from comment 2.
Keywords: (none) => advisory
CC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0443.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED