RedHat has issued an advisory on March 4:
Mageia 7 is also affected.
No registered or obvious packager visible, so assigning globally.
Done! You can test the upcoming arp-scan-1.9.6-1.mga7 in the Core/Updates_testing repo.
OOppss! wrong bug, sorry :)
RedHat notes that this package was dropped in RHEL8. Maybe we don't need it?
Patch available from RedHat
Fixed in cauldron,
and in mga7 with the rpm: xerces-c-3.2.2-2.1.mga7
Updated xerces-c packages fix security vulnerability:
A use-after-free vulnerability was found in xerces-c in the way an XML document
is processed via the SAX API. Applications that process XML documents with an
external Document Type Definition (DTD) may be vulnerable to this flaw. A
remote attacker could exploit this flaw by creating a specially crafted XML
file that would crash the application or potentially lead to arbitrary code
Updated packages in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 18421 for test.
Used strace on enigma, and found ref:
openat(AT_FDCWD, "/lib64/libxerces-c-3.2.so", O_RDONLY|O_CLOEXEC) = 3.
I could play two levels, but the thing started flashing and sounding when I tried to close it.
Leaving for more experienced people.
That's OK Herman. Having encountered this before I shall follow up when I have time (been sent to Hell and back by the latest version of tbird - grrrrh!!).
Created attachment 11673
Code for simple XML parser based on xerces-c API.
This command works but may not be the best way to do it.
$ g++ -g -Wall -pedantic $(pkg-config --libs xerces-c) parser.c++ -DMAIN_TEST -o parser
Created attachment 11674
Include file needed by parser.c++
Updated the packages in the absence of a PoC.
Referred to https://bugs.mageia.org/show_bug.cgi?id=18421 to see how things were tackled before. The first problem was the lack of source for the parser test program. Downloaded that from http://www.yolinux.com/TUTORIALS/XML-Xerces-C.html and hacked it enough to allow it to be compiled. Ran the result against the trivial XML file attached and all was well. The parser is not a general utility. It seems to work for only that target.
Followed Herman's lead and tried out enigma.
Tried to enlarge the board but there seemed to be no way to do it. Changed video mode resolution upward and set fullscreen - no effect. Unable to start a game, but it used to work. Eventually the flashing started, as in comment 7, and the game crashed.
Moved to ~/.enigma.
Could not see any errors in state.xml.
So maybe there is a regression here.
Referring to comment 11, the enigma program was run from the system menus. Running it from the command line was a little more successful. It generated the board at very low resolution fullscreen - i.e. it looked very fuzzy. Played a couple of levels then tried to quit from the main menu. That froze the whole machine - needed a hard reset to get back to the desktop.
We have no idea if the fault here lies with enigma or xerces-c. It might be possible to catch a trace.
Did you try enigma before the xerces-c update?
I am not sure now - too far back. Need to try it on another partition.
On another machine.
Installed xerces-c and enigma.
$ rpm -q xerces-c
$ rpm -qa | grep xerces
$ rpm -q enigma
Started enigma successfully from the cli. Played tutorial level game for a while but could find no way to quit. Not clear exactly what happened. Repeated Esc's and tried to kill it via the window decorations. Lost control of the mouse and the game window started flashing.
$ urpmi.update -a
Updated the four xerces-c packages.
The game played, shifted from level 0 to level 1 and then the trouble started. After only a few moves the level went back to the "abort/restart level" screen. On clicking resume the window started to flash. Could not kill the window or control the mouse but mouse events were being echoed in the terminal. Tried several keyboard combinations like Ctrl+Alt+F2, Ctrl+C, Alt+X and others and eventually the game window vanished.
The journal reports nothing relevant around that time. Nor was anything recorded in .xsession-errors.
So the update probably did not introduce the faulty behaviour in enigma.
There is a .enigma directory.
$ ll .enigma
drwxr-xr-x 2 lcl lcl 4096 Jun 21 14:15 backup/
-rw-r--r-- 1 lcl lcl 524 Jun 21 14:37 enigma_nodat.score
-rw-r--r-- 1 lcl lcl 524 Jun 21 14:37 enigma.score
drwxr-xr-x 6 lcl lcl 4096 Jun 21 14:15 levels/
-rw-r--r-- 1 lcl lcl 5168 Jun 21 14:37 state.xml
drwxr-xr-x 3 lcl lcl 4096 Jun 21 14:15 thumbs-120x78/
14:37 may have been the time when enigma was first played, before updating xerces-c. There may be an error log somewhere - which might not be any use if it were not closed properly.