Bug 25762 - libmirage new security issues CVE-2019-15540 and CVE-2019-15757
Summary: libmirage new security issues CVE-2019-15540 and CVE-2019-15757
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-11-26 21:24 CET by David Walser
Modified: 2019-12-24 13:25 CET (History)
5 users (show)

See Also:
Source RPM: libmirage-3.2.2-2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-11-26 21:24:34 CET
openSUSE has issued an advisory on August 31:
https://lists.opensuse.org/opensuse-updates/2019-08/msg00217.html

The issue was fixed upstream, probably in 3.2.3.
David Walser 2019-11-26 21:31:28 CET

QA Contact: (none) => security
Component: RPM Packages => Security

Comment 1 David Walser 2019-11-26 22:21:25 CET
openSUSE has issued an advisory on September 9:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00053.html

It fixes another issue, also probably fixed upstream in 3.2.3.

Summary: libmirage new security issue CVE-2019-15540 => libmirage new security issues CVE-2019-15540 and CVE-2019-15757

Comment 2 David GEIGER 2019-11-27 07:07:49 CET
Done!
Comment 3 David Walser 2019-11-27 18:32:24 CET
Advisory:
========================

Updated libmirage packages fix security vulnerabilities:

The CSO filter in libMirage in CDemu did not validate the part size, triggering
a heap-based buffer overflow that could lead to root access by a local user
(CVE-2019-15540).

NULL pointer dereference in the NRG parser (CVE-2019-15757).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15757
https://lists.opensuse.org/opensuse-updates/2019-08/msg00217.html
https://lists.opensuse.org/opensuse-updates/2019-09/msg00053.html
========================

Updated packages in core/updates_testing:
========================
libmirage-common-3.2.3-1.mga7
libmirage11-3.2.3-1.mga7
libmirage-devel-3.2.3-1.mga7
libmirage-gir3.2-3.2.3-1.mga7

from libmirage-3.2.3-1.mga7.src.rpm

CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs

Comment 4 Herman Viaene 2019-11-30 21:09:47 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Running the daemon
# cdemu-daemon
Starting CDEmu daemon with following parameters:
 - num devices: 1
 - control device: /dev/vhba_ctl
 - audio driver: null
 - bus type: session

posix_spawn avoided (fd close requested) posix_spawn avoided (fd close requested) cdemu0: Mapping: device mapping (SCSI generic) for device #0 could not be determined; device mapping info for this device will not be available
Inserting or ejecting a CD does not provoke any feedback.
Googling leads me to installing cdemu-client and from https://wiki.archlinux.org/index.php/CDemu
picking a few commands
$ cdemu status
Devices' status:
DEV   LOADED     FILENAME
0     False      
Strange to me as there is a CD loaded.

$ cdemu device-mapping
Device mapping:
DEV   SCSI CD-ROM     SCSI generic   
0     /dev/sr2                   
That seems OK.
Not sure whet to do with it.

CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2019-12-22 04:15:32 CET
Mga7-64 Plasma system.

Installed kde-cdemu-manager, which pulled in cdemu-daemon, cdemu-client, several libmirage packages, and a couple of others.

Read /usr/share/doc/cdemu-client/README, which gave several helpful hints about usage. CDemu creates virtual optical drives, and loads/unloads them with image files of various types. It can be run from the command line, and there are gui managers available for Gtk+ or Plasma.

The update packages installed cleanly. Using the kde gui, I was able to add and remove virtual drives, and load them with various isos. Tried some of the simpler command line commands, and all worked.

Looks OK for 64-bit.

Validating. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK

Thomas Backlund 2019-12-24 12:23:34 CET

Keywords: (none) => advisory
CC: (none) => tmb

Comment 6 Mageia Robot 2019-12-24 13:25:45 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0404.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.