Ubuntu has issued an advisory on July 18: https://usn.ubuntu.com/4066-1/ Mageia 6 and Mageia 7 are also affected.
Whiteboard: (none) => MGA7TOO, MGA6TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => geiger.david68210
Here https://nvd.nist.gov/vuln/detail/CVE-2019-1010305 it is written: "The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d" So this fix is already included in the latest 0.10.1alpha release that we have on mga7 and Cauldron.
Version: Cauldron => 6
Whiteboard: MGA7TOO, MGA6TOO => (none)
Done for mga6 updating to latest 0.10.1alpha upstream release!
Advisory:
========================

Updated libmspack packages fix security vulnerability:

It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information (CVE-2019-1010305).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010305
https://usn.ubuntu.com/4066-1/
========================

Updated packages in core/updates_testing:
========================
libmspack0-0.10.1-0.alpha.1.mga6
libmspack-devel-0.10.1-0.alpha.1.mga6

from libmspack-0.10.1-0.alpha.1.mga6.src.rpm
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs
mga6, x86_64

$ rpm -qa | grep mspack
lib64mspack0-0.9.1-0.alpha.1.mga6
lib64mspack-devel-0.9.1-0.alpha.1.mga6

Installed cabextract.

$ urpmq --requires cabextract
cabextract: libmspack.so.0()(64bit)

CVE-2019-1010305
https://github.com/JsHuang/pocs/blob/master/libmspack/chmextract-overflow-chmd-486
$ chmextract chmextract-overflow-chmd-486

This POC requires chmextract which is an example program shipped with versions before 0.8. Presumably that has been supplanted by cabextract. It is not known if this utility can be used effectively with the POC but it handles the malformed file cleanly. It would be risky to draw any conclusions from this.

$ cabextract chmextract-overflow-chmd-486
chmextract-overflow-chmd-486: no valid cabinets found

All done, errors in processing 1 file(s)

One can predict that the same message will appear after the update.

Ran the update and tested the POC file with cabextract - same message.

Utility tests using https://bugs.mageia.org/show_bug.cgi?id=23365 as a reference.
Used CAB files prepared earlier with lcab/gcab which do not use libmspack.

Note this from
$ urpmq -i libmspack0
[...]
Summary : Library for CAB and related files compression and decompression
Description :
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft.

There do not appear to be any compression utilities based on libmspack.

$ cabextract -t odt.cab
Testing cabinet: odt.cab
  xyz.odt  OK  a63bdf66a070493d7ce15d2ff09877dc

All done, no errors.

$ cabextract -l ruby.cab
Viewing cabinet: ruby.cab
 File size | Date       Time     | Name
-----------+---------------------+-------------
         2 | 15.04.2012 10:14:26 | data/ruby/ascii_chart
         0 | 30.06.2014 22:49:06 | data/ruby/backup
         0 | 24.05.2015 11:04:46 | data/ruby/books
         0 | 17.11.2015 07:18:44 | data/ruby/calco
[...]
      6059 | 10.07.2014 23:51:02 | data/ruby/xmlviewer.rb
         0 | 23.08.2010 11:16:54 | data/ruby/xosd

All done, no errors.

$ mkdir ruby
$ cabextract -d ruby ruby.cab
Extracting cabinet: ruby.cab
  extracting ruby/data/ruby/ascii_chart
  extracting ruby/data/ruby/backup
[...]
$ ls ruby/data/ruby | wc -l
103

<The destination does not have to exist already>
$ cabextract -d tmp ruby.cab
Extracting cabinet: ruby.cab
  extracting tmp/data/ruby/ascii_chart
  extracting tmp/data/ruby/backup
[...]
$ ls tmp
data/

This is as far as we need take this.
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
Validating. Advisory in Comment 4.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0248.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED