Bug 33620 - libgsf new security issues CVE-2024-36474 and CVE-2024-42415
Summary: libgsf new security issues CVE-2024-36474 and CVE-2024-42415
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-10-08 13:36 CEST by Nicolas Salguero
Modified: 2024-11-20 16:38 CET

See Also:
Source RPM: libgsf-1.14.50-1.mga9.src.rpm
CVE: CVE-2024-36474, CVE-2024-42415
Status comment:


Description Nicolas Salguero 2024-10-08 13:36:44 CEST
Debian has issued an advisory on October 5:
https://lwn.net/Articles/993121/
Nicolas Salguero 2024-10-08 13:37:15 CEST

CVE: (none) => CVE-2024-36474, CVE-2024-42415
Source RPM: (none) => libgsf-1.14.50-1.mga9.src.rpm
Status comment: (none) => Fixed upstream in 1.14.53 and patch available from Debian

Comment 1 Nicolas Salguero 2024-10-11 15:11:38 CEST
Ubuntu has issued an advisory on October :
https://ubuntu.com/security/notices/USN-7062-1
Comment 2 Lewis Smith 2024-10-12 22:12:41 CEST
Fixed upstream in 1.14.53 already in Cauldron. Remains M9.

https://security-tracker.debian.org/tracker/libgsf
https://security-tracker.debian.org/tracker/source-package/libgsf
 but I could not find the patch.

Different packagers have dealt with this pkg, so assigning bug globally.

Assignee: bugsquad => pkg-bugs

Comment 3 Nicolas Salguero 2024-10-23 16:25:42 CEST
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-36474)

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-42415)

References:
https://lwn.net/Articles/993121/
https://ubuntu.com/security/notices/USN-7062-1
========================

Updated packages in core/updates_testing:
========================
lib(64)gsf1_114-1.14.50-1.1.mga9
lib(64)gsf-devel-1.14.50-1.1.mga9
lib(64)gsf-gir1-1.14.50-1.1.mga9
libgsf-1.14.50-1.1.mga9

from SRPM:
libgsf-1.14.50-1.1.mga9.src.rpm

Status comment: Fixed upstream in 1.14.53 and patch available from Debian => (none)
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs

katnatek 2024-10-23 20:02:50 CEST

Keywords: (none) => advisory

Comment 4 Herman Viaene 2024-10-25 16:05:38 CEST
MGA9-64 MATE on HP-Pavilion
No installation issues.
Ref bug 19932 for test: gchemtable works OK.
Good enough.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2024-10-27 01:01:30 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 Mageia Robot 2024-10-27 03:37:57 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0337.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
