Fedora has issued an advisory on March 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/

Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. Also CC'ing some committers.
CC: (none) => guillomovitch, mageia, marja11, nicolas.salguero, pterjan
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. (CVE-2018-6358)

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A crafted input will lead to a denial of service attack. (CVE-2018-7867)

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A crafted input will lead to a denial of service attack. (CVE-2018-7868)

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7870)

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7871)

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7872)

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A crafted input will lead to a denial of service attack. (CVE-2018-7875)

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. (CVE-2018-9165)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7871
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9165
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
========================

Updated packages in core/updates_testing:
========================
lib(64)ming1-0.4.9-0.git20181112.1.mga6
lib(64)ming-devel-0.4.9-0.git20181112.1.mga6
perl-SWF-0.4.9-0.git20181112.1.mga6
python-SWF-0.4.9-0.git20181112.1.mga6
ming-utils-0.4.9-0.git20181112.1.mga6

from SRPMS:
ming-0.4.9-0.git20181112.1.mga6.src.rpm
Status: NEW => ASSIGNED
Version: Cauldron => 6
Assignee: pkg-bugs => qa-bugs
Source RPM: ming-0.4.5-18.mga7.src.rpm => ming-0.4.5-14.1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues, skipped the devel pack
Ref to bug 22815 Comment 7, using an swf file created by some other test.

$ swftopython output.swf > testming.py
$ head testming.py
#!/usr/bin/python
from ming import *
m = SWFMovie();
Ming_setScale(1.0);
# Note: using v5+ syntax for script blocks (original SWF file version was 4)!
m.setRate(1.000000);

$ swftophp output.swf > testming.php
$ head testming.php
<?php
$m = new SWFMovie();
ming_setscale(1.0);
/* Note: using v5+ syntax for script blocks (original SWF file version was 4)! */
$m->setRate(1.000000);
$m->setDimension(65280, 48960);
$m->setFrames(14);

$ swftoperl output.swf > testming.pl
$ head testming.pl
#!/usr/bin/perl -w
# Generated by swftoperl converter included with ming. Have fun.
# Change this to your needs. If you installed perl-ming global you don't need this.
#use lib("/home/peter/mystuff/lib/site_perl");
# We import all because our converter is not so clever to select only needed. ;-)
use SWF qw(:ALL);
# Just copy from a sample, needed to use Constants like SWFFILL_RADIAL_GRADIENT
use SWF::Constants qw(:Text :Button :DisplayItem :Fill);

$ swftocxx output.swf > testming.c++
$ head testming.c++
#include <mingpp.h>
main(){
SWFMovie* m = new SWFMovie();
Ming_setScale(1.0);
// Note: using v5+ syntax for script blocks (original SWF file version was 4)!

This all looks quite similar, so relying on Len's reputation, OK for me
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
No 64-bit installation issues. Validating. Suggested advisory in Comment 2.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0137.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED