29914 – htmldoc new security issue CVE-2021-43579

Bug 29914 - htmldoc new security issue CVE-2021-43579

Summary: htmldoc new security issue CVE-2021-43579

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2022-01-20 19:46 CET by David Walser
Modified:	2022-01-25 13:14 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	htmldoc-1.9.8-1.3.mga8.src.rpm
CVE:	CVE-2021-43579
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2022-01-20 19:46:39 CET

SUSE has issued an advisory on January 19:
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html

The issue is fixed upstream in 1.9.14.

Mageia 8 is also affected.

David Walser 2022-01-20 19:47:20 CET

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.9.14
CC: (none) => nicolas.salguero

Comment 1 Lewis Smith 2022-01-20 20:01:51 CET

Do you mind doing this, NicolasS? You have done quite a number of CVEs for this SRPM.

CC: nicolas.salguero => (none)
Assignee: bugsquad => nicolas.salguero

Comment 2 Nicolas Salguero 2022-01-21 10:31:07 CET

Suggested advisory:
========================

The updated packages fix a crash when clicking the button "Generate" and a security vulnerability:

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. (CVE-2021-43579)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43579
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010028.html
========================

Updated packages in core/updates_testing:
========================
htmldoc-nogui-1.9.14-1.mga8
htmldoc-1.9.14-1.mga8

from SRPM:
htmldoc-1.9.14-1.mga8.src.rpm

Source RPM: htmldoc-1.9.8-4.mga9.src.rpm => htmldoc-1.9.8-1.3.mga8.src.rpm
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-43579
Status comment: Fixed upstream in 1.9.14 => (none)
Assignee: nicolas.salguero => qa-bugs

Comment 3 Thomas Andrews 2022-01-22 16:02:54 CET

Updated the packages using qarepo, with no installation issues.

Tested using some html files of "Grokking the Gimp" that were downloaded so long ago that I don't remember doing it.

Tried the gui first, launched from the Plasma Tools menu. The crash from the "generate" button, which I had observed before, is fixed.

Tried the "nogui" next, on another html page, and produced a pdf of that page that looks just like the html page when viewed in Firefox.

It all looks good to me. Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-01-24 22:57:33 CET

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Mageia Robot 2022-01-25 13:14:31 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0033.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.