Fedora has issued an advisory on October 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866)

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A crafted input will lead to a denial of service attack. (CVE-2018-7873)

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2018-7876)

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. (CVE-2018-9009)

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-9132)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9132
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/
========================

Updated packages in core/updates_testing:
========================
lib(64)ming1-0.4.9-0.git20181112.2.1.mga7
lib(64)ming-devel-0.4.9-0.git20181112.2.1.mga7
perl-SWF-0.4.9-0.git20181112.2.1.mga7
python-SWF-0.4.9-0.git20181112.2.1.mga7
ming-utils-0.4.9-0.git20181112.2.1.mga7

from SRPMS:
ming-0.4.9-0.git20181112.2.1.mga7.src.rpm

CVE: (none) => CVE-2018-7866, CVE-2018-7873, CVE-2018-7876, CVE-2018-9009, CVE-2018-9132
Assignee: nicolas.salguero => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
Status: NEW => ASSIGNED
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref to bug 24505 and 22815 for tests
Having no swf files available, downloaded samples from https://blog.bannersnack.com/2-sample-swfs-available-for-download/ and from https://condor.depaul.edu/sjost/hci430/flash-examples.htm
Files play OK with Adobe's Projector, found no other way of checking the files.
Anyway:

$ swftopython Car-speakers-590x90.swf > testming.py
$ head testming.py
#!/usr/bin/python
from ming import *
Ming_useSWFVersion(9);
m = SWFMovie();
Ming_setScale(1.0);
m.setRate(30.000000);
m.setDimension(11800, 1800);

$ swftophp Car-speakers-590x90.swf > testming.php
$ head testming.php
<?php
$m = new SWFMovie(9);
ming_setscale(1.0);
$m->setRate(30.000000);
$m->setDimension(11800, 1800);
/*Unknown block type 69*/
/* SWF_METADATA */
$m->addMetadata("<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'><rdf:Description rdf:about='' xmlns:dc='http://purl.org/dc/elements/1.1'><dc:format>application/x-shockwave-flash</dc:format><dc:title>Adobe Flex 3 Application</dc:title><dc:description>http://www.adobe.com/products/flex</dc:description><dc:publisher>unknown</dc:publisher><dc:creator>unknown</dc:creator><dc:language>EN</dc:language><dc:date>Feb 26, 2009</dc:date></rdf:Description></rdf:RDF>");

$ swftoperl Car-speakers-590x90.swf > testming.pl
$ head testming.pl
#!/usr/bin/perl -w
# Generated by swftoperl converter included with ming. Have fun.
# Change this to your needs. If you installed perl-ming global you don't need this.
#use lib("/home/peter/mystuff/lib/site_perl");
# We import all because our converter is not so clever to select only needed. ;-)
use SWF qw(:ALL);
# Just copy from a sample, needed to use Constants like SWFFILL_RADIAL_GRADIENT
use SWF::Constants qw(:Text :Button :DisplayItem :Fill);

but

$ swftocxx Car-speakers-590x90.swf testming.c++
#include <mingpp.h>
main(){
SWFMovie* m = new SWFMovie(9);
Ming_setScale(1.0);
m->setRate(30.000000);
m->setDimension(11800, 1800);
//Unknown block type 69
// SWF_METADATA
m->addMetadata("<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'><rdf:Description rdf:about='' xmlns:dc='http://purl.org/dc/elements/1.1'><dc:format>application/x-shockwave-flash</dc:format><dc:title>Adobe Flex 3 Application</dc:title><dc:description>http://www.adobe.com/products/flex</dc:description><dc:publisher>unknown</dc:publisher><dc:creator>unknown</dc:creator><dc:language>EN</dc:language><dc:date>Feb 26, 2009</dc:date></rdf:Description></rdf:RDF>");

and loads of other feedback, and at the end:

m->save("testming.c++");

but there is no such file saved.
Tried the same command with a bumblebee file, but get the same result.
Not sure whether it is just me. I will try the same files with the older versions.
CC: (none) => herman.viaene
Previous version gives the same result, so there is no regression here. OK unless better ideas prop up.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tmb, sysadmin-bugs
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0032.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED