openSUSE has issued an advisory on April 29:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PUXQNAUH2W6TRXYZGBDFHQTMXINVMOJB/

Mageia 8 is also affected.
Status comment: (none) => Patch available from openSUSE
Whiteboard: (none) => MGA8TOO
This SRPM has been updated by different people, so assigning this globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service. (CVE-2022-0856)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0856
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PUXQNAUH2W6TRXYZGBDFHQTMXINVMOJB/
========================

Updated packages in core/updates_testing:
========================
caca-utils-0.99-0.beta19.5.3.mga8
lib(64)caca0-0.99-0.beta19.5.3.mga8
lib(64)caca-devel-0.99-0.beta19.5.3.mga8
python3-caca-0.99-0.beta19.5.3.mga8
ruby-caca-0.99-0.beta19.5.3.mga8

from SRPM:
libcaca-0.99-0.beta19.5.3.mga8.src.rpm
CVE: (none) => CVE-2022-0856
Status comment: Patch available from openSUSE => (none)
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
Tested in a VirtualBox MGA8 Plasma guest.

No installation issues.

Tried cacaview and cacafire, as outlined in Bug 24208 Comment 8. Both seemed to work.

In Bug 29575, it was suggested that rather than its own built-in utilities, testers should try something that uses the library. After looking into it, I decided to try toilet.

Toilet (“The Other Implementation’s letters”) is a fun yet mostly useless command that takes small text input and outputs it as large ASCII art text in the terminal:

$ toilet Mageia
m m " ## ## mmm mmmm mmm mmm mmm # ## # " # #" "# #" # # " # # "" # m"""# # # #"""" # m"""# # # "mm"# "#m"# "#mm" mm#mm "mm"# m # ""

There are special color and rotating effects available, too. I tried them, and they work, but I'm not sure they would reproduce well here. (Probably just as well.)

OKing this and validating. Advisory in Comment 2.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0172.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED