Mageia alert MGASA-2021-0332 (htmldoc)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2021-0332: Updated htmldoc packages fix security vulnerabilities | |
| Date: | Sat, 10 Jul 2021 14:58:07 +0200 | |
| Message-ID: | <20210710125807.98D20A0ECA@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2021-0332 - Updated htmldoc packages fix security vulnerabilities Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0332.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-20308, CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191, CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, CVE-2021-26948 Description: Updated htmldoc packages fix security vulnerabilities: Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181 (CVE-2021-20308). AddressSanitizer: double-free in function pspdf_export ps-pdf.cxx (CVE-2021-23158). AddressSanitizer: heap-buffer-overflow in pspdf_prepare_outpages() in ps-pdf.cxx (CVE-2021-23165). AddressSanitizer: SEGV in file_extension file.c (CVE-2021-23180). AddressSanitizer: SEGV on unknown address 0x000000000014 (CVE-2021-23191). AddressSanitizer: stack-buffer-overflow in parse_table ps-pdf.cxx (CVE-2021-23206). AddressSanitizer: heap-buffer-overflow in pspdf_prepare_page(int) ps-pdf.cxx (CVE-2021-26252). AddressSanitizer: heap-buffer-overflow on render_table_row() ps-pdf.cxx (CVE-2021-26259). SEGV on unknown address 0x000000000000 (CVE-2021-26948). References: - https://bugs.mageia.org/show_bug.cgi?id=29161 - https://bugs.mageia.org/show_bug.cgi?id=29101 - https://www.debian.org/security/2021/dsa-4928 - https://lists.opensuse.org/archives/list/security-announc... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2... SRPMS: - 8/core/htmldoc-1.9.8-1.2.mga8 - 7/core/htmldoc-1.9.3-2.3.mga7