Bug 25762 - libmirage new security issues CVE-2019-15540 and CVE-2019-15757
Summary: libmirage new security issues CVE-2019-15540 and CVE-2019-15757
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-26 21:24 CET by David Walser
Modified: 2019-11-30 21:09 CET (History)
2 users (show)

See Also:
Source RPM: libmirage-3.2.2-2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2019-11-26 21:24:34 CET
openSUSE has issued an advisory on August 31:
https://lists.opensuse.org/opensuse-updates/2019-08/msg00217.html

The issue was fixed upstream, probably in 3.2.3.
David Walser 2019-11-26 21:31:28 CET

Component: RPM Packages => Security
QA Contact: (none) => security

Comment 1 David Walser 2019-11-26 22:21:25 CET
openSUSE has issued an advisory on September 9:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00053.html

It fixes another issue, also probably fixed upstream in 3.2.3.

Summary: libmirage new security issue CVE-2019-15540 => libmirage new security issues CVE-2019-15540 and CVE-2019-15757

Comment 2 David GEIGER 2019-11-27 07:07:49 CET
Done!
Comment 3 David Walser 2019-11-27 18:32:24 CET
Advisory:
========================

Updated libmirage packages fix security vulnerabilities:

The CSO filter in libMirage in CDemu did not validate the part size, triggering
a heap-based buffer overflow that could lead to root access by a local user
(CVE-2019-15540).

NULL pointer dereference in the NRG parser (CVE-2019-15757).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15757
https://lists.opensuse.org/opensuse-updates/2019-08/msg00217.html
https://lists.opensuse.org/opensuse-updates/2019-09/msg00053.html
========================

Updated packages in core/updates_testing:
========================
libmirage-common-3.2.3-1.mga7
libmirage11-3.2.3-1.mga7
libmirage-devel-3.2.3-1.mga7
libmirage-gir3.2-3.2.3-1.mga7

from libmirage-3.2.3-1.mga7.src.rpm

Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210

Comment 4 Herman Viaene 2019-11-30 21:09:47 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Running the daemon
# cdemu-daemon
Starting CDEmu daemon with following parameters:
 - num devices: 1
 - control device: /dev/vhba_ctl
 - audio driver: null
 - bus type: session

posix_spawn avoided (fd close requested) posix_spawn avoided (fd close requested) cdemu0: Mapping: device mapping (SCSI generic) for device #0 could not be determined; device mapping info for this device will not be available
Inserting or ejecting a CD does not provoke any feedback.
Googling leads me to installing cdemu-client and from https://wiki.archlinux.org/index.php/CDemu
picking a few commands
$ cdemu status
Devices' status:
DEV   LOADED     FILENAME
0     False      
Strange to me as there is a CD loaded.

$ cdemu device-mapping
Device mapping:
DEV   SCSI CD-ROM     SCSI generic   
0     /dev/sr2                   
That seems OK.
Not sure whet to do with it.

CC: (none) => herman.viaene


Note You need to log in before you can comment on or make changes to this bug.