Mageia alert MGASA-2018-0212 (ming)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2018-0212: Updated ming packages fix security vulnerabilities | |
| Date: | Mon, 30 Apr 2018 21:08:46 +0200 | |
| Message-ID: | <20180430190846.3C689A0060@duvel.mageia.org> |
MGASA-2018-0212 - Updated ming packages fix security vulnerabilities Publication date: 30 Apr 2018 URL: https://advisories.mageia.org/MGASA-2018-0212.html Type: security Affected Mageia releases: 6 CVE: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359 Description: The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. (CVE-2017-8782) The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. (CVE-2017-9988) util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. (CVE-2017-9989) A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11704) A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11728) A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11729) A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11730) An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11731) A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11732) A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11733) A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-11734) The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. (CVE-2017-16883) The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. (CVE-2017-16898) In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-5251) In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. (CVE-2018-5294) The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. (CVE-2018-6315) The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. (CVE-2018-6359) References: - https://bugs.mageia.org/show_bug.cgi?id=22815 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8782 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9988 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9989 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5251 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5294 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6315 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6359 SRPMS: - 6/core/ming-0.4.5-14.1.mga6