A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.
CVE: (none) => CVE-2019-20052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052 Fix is here: https://github.com/tbeu/matio/commit/a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3 It's not clear what versions (if any) are actually affected.
Whiteboard: (none) => MGA7TOOSummary: matio security flaw CVE-2019-20052 => matio possible new security issue CVE-2019-20052Status comment: (none) => Patch available from upstreamAssignee: bugsquad => geiger.david68210Severity: normal => majorCC: (none) => nicolas.salguero
Fixed in cauldron. Package pushed in mga7: src: matio-1.5.16-1.2.mga7
Whiteboard: MGA7TOO => (none)CC: (none) => mageiaVersion: Cauldron => 7Assignee: geiger.david68210 => qa-bugs
Advisory: ======================== Updated matio packages fix security vulnerability: A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052 ======================== Updated packages in core/updates_testing: ======================== matio-1.5.16-1.2.mga7 libmatio9-1.5.16-1.2.mga7 libmatio-devel-1.5.16-1.2.mga7 from matio-1.5.16-1.2.mga7.src.rpm
Status comment: Patch available from upstream => (none)
mga7, x86_64 CVE-2019-20052 https://github.com/tbeu/matio/issues/131 $ matdump 006-memleak InflateRankDims: inflate returned data error InflateVarNameTag: inflate returned data error Empty InflateRankDims: Reading dimensions expected type MAT_T_INT32 InflateRankDims: Reading dimensions expected type MAT_T_INT32 Name: Rank: 0 InflateRankDims: inflate returned data error Segmentation fault (core dumped) Updated packages. $ rpm -q matio matio-1.5.16-1.2.mga7 $ matdump 006-memleak InflateRankDims: inflate returned data error InflateVarNameTag: inflate returned data error Empty InflateRankDims: Reading dimensions expected type MAT_T_INT32 Name: Rank: 0 InflateRankDims: inflate returned data error Segmentation fault (core dumped) There is only a minor difference which gives the impression that the patch does not work. Upstream had difficulty verifying the fix or even the issue. So, what do we do in a case like this - just carry on regardless? I probably shall anyway.
CC: (none) => tarazed25
Someone needs to tell upstream that it's not fixed.
Whiteboard: (none) => feedback
Whiteboard: feedback => (none)Keywords: (none) => feedback
Upstream BR is closed since dec. 2019!
Source RPM: matio-1.5.17-3.mga8.src.rpm => matio-1.5.16-1.1.mga7.src.rpmCC: (none) => ouaurelien
Re ping. We should fix this. @Packager can you take a look?
Status: NEW => NEEDINFO
Status: NEEDINFO => NEW