Fedora has issued an advisory on August 19: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YH7KTF6IB4LZURQHCOICNVE6YDAIHV62/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Assigning this globally because the package has no registered nor obvious actual maintainer.
Assignee: bugsquad => pkg-bugs
Status comment: (none) => Fixed upstream in 1.2.1
Patched package uploaded for cauldron and Mageia 7. Advisory: ======================== Updated mgetty package fixes security vulnerability: mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file (CVE-2019-1010189). References: https://nvd.nist.gov/vuln/detail/CVE-2019-1010189 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YH7KTF6IB4LZURQHCOICNVE6YDAIHV62 ======================== Updated packages in core/updates_testing: ======================== mgetty-1.2.1-1.mga7 mgetty-contrib-1.2.1-1.mga7 mgetty-sendfax-1.2.1-1.mga7 mgetty-viewfax-1.2.1-1.mga7 mgetty-voice-1.2.1-1.mga7 from mgetty-1.2.1-1.mga7.src.rpm Past test procedure was for clean install https://bugs.mageia.org/show_bug.cgi?id=23567#c6
Assignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO => (none)CC: (none) => mramboVersion: Cauldron => 7
MGA7-64 Plasma on Lenovo B50 No installation issues. Test as referred above # cd /etc/ # ls mgetty+sendfax dialin.config faxheader faxrunq.config faxspool.rules.sample login.config mgetty.config sendfax.config voice.conf tried to get some response from the command (no -h or --help or --version) # mgetty -x 5 (debug level) no feedback but some reaction in file /var/log/mgetty.log.unknown: 02/07 14:54:21 no line given: Success 02/07 14:54:21 Usage: mgetty [-x debug] [-s speed] [-r] line: Success So OK'ing for lack of other tests because of such device not in my possession.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0076.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED