A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.
CVE: (none) => CVE-2019-20052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052
Fix is here:
https://github.com/tbeu/matio/commit/a47b7cd3aca70e9a0bddf8146eb4ab0cbd19c2c3
It's not clear what versions (if any) are actually affected.
Whiteboard: (none) => MGA7TOO
Summary: matio security flaw CVE-2019-20052 => matio possible new security issue CVE-2019-20052
Status comment: (none) => Patch available from upstream
Assignee: bugsquad => geiger.david68210
Severity: normal => major
CC: (none) => nicolas.salguero
Fixed in cauldron. Package pushed in mga7: src: matio-1.5.16-1.2.mga7
Whiteboard: MGA7TOO => (none)
Assignee: geiger.david68210 => qa-bugs
Version: Cauldron => 7
CC: (none) => mageia
Advisory:
========================
Updated matio packages fix security vulnerability:
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case (CVE-2019-20052).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20052
========================
Updated packages in core/updates_testing:
========================
matio-1.5.16-1.2.mga7
libmatio9-1.5.16-1.2.mga7
libmatio-devel-1.5.16-1.2.mga7
from matio-1.5.16-1.2.mga7.src.rpm
Status comment: Patch available from upstream => (none)
mga7, x86_64
CVE-2019-20052
https://github.com/tbeu/matio/issues/131
$ matdump 006-memleak
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
InflateRankDims: Reading dimensions expected type MAT_T_INT32
Name:
Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)
Updated packages.
$ rpm -q matio
matio-1.5.16-1.2.mga7
$ matdump 006-memleak
InflateRankDims: inflate returned data error
InflateVarNameTag: inflate returned data error
Empty
InflateRankDims: Reading dimensions expected type MAT_T_INT32
Name:
Rank: 0
InflateRankDims: inflate returned data error
Segmentation fault (core dumped)
There is only a minor difference which gives the impression that the patch does not work. Upstream had difficulty verifying the fix or even the issue. So, what do we do in a case like this - just carry on regardless? I probably shall anyway.
CC: (none) => tarazed25
Someone needs to tell upstream that it's not fixed.
Whiteboard: (none) => feedback
Keywords: (none) => feedback
Whiteboard: feedback => (none)
Upstream BR is closed since Dec. 2019!
CC: (none) => ouaurelien
Source RPM: matio-1.5.17-3.mga8.src.rpm => matio-1.5.16-1.1.mga7.src.rpm
Re ping. We should fix this. @Packager can you take a look?
Status: NEW => NEEDINFO
Status: NEEDINFO => NEW
Depends on: (none) => 29164
Incomplete fix bug filed as Bug 29164. Let's push this update.
Keywords: feedback => (none)
(In reply to David Walser from comment #8)
> Incomplete fix bug filed as Bug 29164. Let's push this update.
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update
Whiteboard: (none) => MGA7-64-OK
What's the plan here... it stated it needs to be pushed, but bug 29164 got added as blocker, so this one won't be pushed then..
This one should be pushed. The other bug isn't assigned to QA.
ok, dropping the dep
Depends on: 29164 => (none)
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0285.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED