openSUSE has issued an advisory on June 17:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXMQHLXPNKTCGM4HNTMLHF7NWL3ZXKIO/

The issue is fixed upstream in 1.9.12.

Mageia 7 and Mageia 8 are also affected.

CC: (none) => nicolas.salguero
Status comment: (none) => Fixed upstream in 1.9.12
Blocks: (none) => 29101
Whiteboard: (none) => MGA8TOO, MGA7TOO
Changing NicolasS from CC to assignee; you very recently did loads of CVE updates to htmldoc - but not this one!
Assignee: bugsquad => nicolas.salguero
CC: nicolas.salguero => (none)

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. (CVE-2021-20308)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20308
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RXMQHLXPNKTCGM4HNTMLHF7NWL3ZXKIO/
========================

Updated packages in 7/core/updates_testing:
========================
htmldoc-1.9.3-2.3.mga7
htmldoc-nogui-1.9.3-2.3.mga7

from SRPM:
htmldoc-1.9.3-2.3.mga7.src.rpm

Updated packages in 8/core/updates_testing:
========================
htmldoc-1.9.8-1.2.mga8
htmldoc-nogui-1.9.8-1.2.mga8

from SRPM:
htmldoc-1.9.8-1.2.mga8.src.rpm

Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 1.9.12 => (none)
Version: Cauldron => 8
CVE: (none) => CVE-2021-20308
Advisory from Bug 29101 needs to be combined into this one.
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tried htmldoc from menu with gui, converted html file to pdf OK.
At CLI:
$ htmldoc-nogui -f donderdag2.pdf --webpage donderdag.html
PAGES: 18
BYTES: 320364
fpdf file OK.
Good enough for me.

CC: (none) => herman.viaene
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK
PoC is here: https://github.com/michaelrsweet/htmldoc/issues/423
Debian-LTS has issued an advisory for this today (July 1):
https://www.debian.org/lts/security/2021/dla-2700

It has all of the CVEs.

Tested PoC from Comment 5.

Before:
$ htmldoc --webpage -f out.pdf htmldoc-poc.html
PAGES: 2
Segmentation fault (core dumped)

After:
$ htmldoc --webpage -f out.pdf htmldoc-poc.html
ERR011: Unable to load image file "htmldoc-poc.gif"!
PAGES: 1
BYTES: 38849

Looks good on Mageia 8 x86_64.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Validating. Advisory in Comment 2, with an important note in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Good PoC tests for the other CVEs in:
https://bugs.mageia.org/show_bug.cgi?id=29101#c6

Advisory should combine:
https://bugs.mageia.org/show_bug.cgi?id=29101#c2
https://bugs.mageia.org/show_bug.cgi?id=29161#c2
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0332.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED