Debian-LTS has issued an advisory today (March 8): https://www.debian.org/lts/security/2021/dla-2584 Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Patches available from upstream and Debian
This SRPM has various committers, so assigning this bug globally.
Assignee: bugsquad => pkg-bugs
Fixed in cauldron. Patch added in mga7/8:
- mageia 7:
  - libcaca-0.99-0.beta19.3.1.mga7
- mageia 8:
  - libcaca-0.99-0.beta19.5.1.mga8
CC: (none) => mageia
Assignee: pkg-bugs => qa-bugs
Status comment: Patches available from upstream and Debian => (none)
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
Advisory:
========================

Updated libcaca packages fix security vulnerability:

A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context (CVE-2021-3410).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3410
https://www.debian.org/lts/security/2021/dla-2584
========================

Updated packages in core/updates_testing:
========================
libcaca0-0.99-0.beta19.3.1.mga7
libcaca-devel-0.99-0.beta19.3.1.mga7
caca-utils-0.99-0.beta19.3.1.mga7
ruby-caca-0.99-0.beta19.3.1.mga7
python-caca-0.99-0.beta19.3.1.mga7

libcaca0-0.99-0.beta19.5.1.mga8
libcaca-devel-0.99-0.beta19.5.1.mga8
caca-utils-0.99-0.beta19.5.1.mga8
python3-caca-0.99-0.beta19.5.1.mga8
ruby-caca-debuginfo-0.99-0.beta19.5.1.mga8

from SRPMS:
libcaca-0.99-0.beta19.3.1.mga7.src.rpm
libcaca-0.99-0.beta19.5.1.mga8.src.rpm
Tested in both releases in 64-bit Plasma installs on an AMD Phenom II 910, Radeon HD 8490 graphics. Both installs already had libcaca0 installed. Installed caca-utils and tried some of the demos suggested in https://bugs.mageia.org/show_bug.cgi?id=24208#c8 Updated packages, no installation issues in either install. Tried cacaview, cacafire, and cacademo, all worked. I believe that should be sufficient. OKing, and validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OK
Keywords: (none) => validated_update
Advisory committed to SVN.
CVE: (none) => CVE-2021-3410
CC: (none) => ouaurelien
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0128.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED