SUSE has issued an advisory today (December 23): https://lists.suse.com/pipermail/sle-security-updates/2021-December/009935.html The issue is fixed upstream in 1.9.12. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.9.12
CC: (none) => nicolas.salguero
This SRPM has had various packagers, of whom NicolasS has done several recent CVEs, so assigning to you.
Assignee: bugsquad => nicolas.salguero
Nicolas patched it again:

htmldoc-nogui-1.9.8-1.3.mga8
htmldoc-1.9.8-1.3.mga8

from htmldoc-1.9.8-1.3.mga8.src.rpm

We really should at least update Cauldron to 1.9.12.
Status comment: Fixed upstream in 1.9.12 => (none)
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Assignee: nicolas.salguero => qa-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. (CVE-2021-40985)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40985
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009935.html
========================

Updated packages in core/updates_testing:
========================

htmldoc-nogui-1.9.8-1.3.mga8
htmldoc-1.9.8-1.3.mga8

from SRPM:
htmldoc-1.9.8-1.3.mga8.src.rpm
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-40985
Source RPM: htmldoc-1.9.8-3.mga9.src.rpm => htmldoc-1.9.8-1.2.mga8.src.rpm
Mageia 8 x86_64 Gnome

Installed without any problem. I tried to generate a pdf file with the HTMLDOC GUI but I always get this error: Segmentation Error (core dumped)

Maybe I'm not using the right options. No problem with the CLI: I generated a pdf and an epub file from a complex html page.
CC: (none) => hdetavernier
MGA8-64 Plasma on Lenovo B50 in Dutch

No installation issues.

I can confirm the issue Hugues reported above with the GUI: I launched htmldoc from the CLI and I can define all settings in the different tabs of the interface, but as soon as I click "Generate" the program aborts and the Segmentation error appears in the feedback in the CLI.
CC: (none) => herman.viaene
Hugues, Herman, did either of you try the htmldoc gui BEFORE installing the update?

Installed htmldoc and dependency:

The following 3 packages are going to be installed:
- htmldoc-1.9.8-1.2.mga8.x86_64
- htmldoc-nogui-1.9.8-1.2.mga8.x86_64
- lib64fltk1.3-1.3.5-2.mga8.x86_64

After installation, I tried converting a simple html file into a pdf, but when I hit the "Generate" button I get the same segmentation error you guys are reporting with the update. Last update was in late June/early July, bug 29101 and bug 29161. Nobody reported anything like that at that time.

Am I doing something wrong? Could someone try a new install of the current version and confirm what I'm seeing?
CC: (none) => andrewsfarm
@TJ, referring to comment 6: yes, before updating, htmldoc segfaults with the same test.
CC: (none) => tarazed25
Continuing from comment 7: The updated version behaves in the same way - segfault -> gui vanishes.
Sending it back to Nicolas because of the segfault when the "Generate" button is pressed in the gui. Since this problem exists in the current version and the proposed update for Mageia 8, I believe Cauldron should be examined, too.
Assignee: qa-bugs => nicolas.salguero
Just tried the same test on htmldoc in Cauldron and it failed with a segfault on Generate.

For the record:
Add a user HTML file
Select it
Open it
Check pdf
No compression
Generate

Back in mga8 repeated the test under strace.

$ tail htmldoc.trace
read(4, "d0 Macron\nf6d1 cyrBreve\nf6d2 cyr"..., 4096) = 2668
read(4, "", 4096) = 0
close(4) = 0
openat(AT_FDCWD, "/usr/share/htmldoc/data/iso-8859-1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=2292, ...}) = 0
read(4, "0x20 0x0020\n0x21 0x0021\n0x22 0x0"..., 4096) = 2292
read(4, "", 4096) = 0
close(4) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x78} ---
+++ killed by SIGSEGV (core dumped) +++
If the segfault exists even before the patch, maybe this should not block the update, but in parallel we should open a new bug report.
CC: (none) => mageia
Agreed.
Assignee: nicolas.salguero => qa-bugs
(In reply to Nicolas Lécureuil from comment #11)
> if the segfault exists even before the patch maybe this should not block the
> update but in parallel we should open a new bugreport.

Giving this bug an OK then, and validating. Advisory in Comment 3.

I suppose the new bug report should probably be opened against Cauldron, with an MGA8TOO in the whiteboard. I would do that, but I don't presently have a Cauldron install so I have not personally observed the problem there. Would one of you care to take care of it?
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0014.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED