Advisories » MGASA-2018-0212

Updated ming packages fix security vulnerabilities

Publication date: 30 Apr 2018
Modification date: 30 Apr 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-8782, CVE-2017-9988, CVE-2017-9989, CVE-2017-11704, CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734, CVE-2017-16883, CVE-2017-16898, CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6359

Description

The readString function in util/read.c and util/old/read.c in libming
0.4.8 allows remote attackers to cause a denial of service via a large
file that is mishandled by listswf, listaction, etc. This occurs
because of an integer overflow that leads to a memory allocation error.
(CVE-2017-8782)

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles
memory allocation. A crafted input will lead to a remote denial of
service (NULL pointer dereference) attack against parser.c.
(CVE-2017-9988)

util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A
crafted input will lead to a remote denial of service (NULL pointer
dereference) attack. (CVE-2017-9989)

A heap-based buffer over-read was found in the function decompileIF in
util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial
of service via a crafted file. (CVE-2017-11704)

A heap-based buffer over-read was found in the function OpCode (called
from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows
attackers to cause a denial of service via a crafted file.
(CVE-2017-11728)

A heap-based buffer over-read was found in the function OpCode (called
from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8,
which allows attackers to cause a denial of service via a crafted file.
(CVE-2017-11729)

A heap-based buffer over-read was found in the function OpCode (called
from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8,
which allows attackers to cause a denial of service via a crafted file.
(CVE-2017-11730)

An invalid memory read vulnerability was found in the function OpCode
(called from isLogicalOp and decompileIF) in util/decompile.c in Ming
0.4.8, which allows attackers to cause a denial of service via a crafted
file. (CVE-2017-11731)

A heap-based buffer overflow vulnerability was found in the function
dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming
0.4.8, which allows attackers to cause a denial of service via a
crafted file. (CVE-2017-11732)

A null pointer dereference vulnerability was found in the function
stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming
0.4.8, which allows attackers to cause a denial of service via a crafted
file. (CVE-2017-11733)

A heap-based buffer over-read was found in the function
decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows
attackers to cause a denial of service via a crafted file.
(CVE-2017-11734)

The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <=
0.4.8 is vulnerable to a NULL pointer dereference, which may allow
attackers to cause a denial of service via a crafted swf file.
(CVE-2017-16883)

The printMP3Headers function in util/listmp3.c in libming v0.4.8 or
earlier is vulnerable to a global buffer overflow, which may allow
attackers to cause a denial of service via a crafted file, a different
vulnerability than CVE-2016-9264. (CVE-2017-16898)

In libming 0.4.8, there is an integer signedness error vulnerability
(left shift of a negative value) in the readSBits function
(util/read.c). Remote attackers can leverage this vulnerability to
cause a denial of service via a crafted swf file. (CVE-2018-5251)

In libming 0.4.8, there is an integer overflow (caused by an
out-of-range left shift) in the readUInt32 function (util/read.c).
Remote attackers could leverage this vulnerability to cause a
denial-of-service via a crafted swf file. (CVE-2018-5294)
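
The two shift defects described above for readSBits (CVE-2018-5251) and
readUInt32 (CVE-2018-5294) belong to a common C bug class. The following is
an added example, not libming's code and not part of the advisory: a
bounds-checked 32-bit read and a sign-extension helper written so that neither
undefined shift can occur. The names read_u32_le and sign_extend, and the
little-endian byte order, are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration: function names are hypothetical, not libming's API. */

/* Read a little-endian 32-bit value from a bounded buffer.
 * Each byte is widened to uint32_t before shifting; an int-promoted byte
 * >= 0x80 shifted left by 24 overflows signed int (undefined behaviour).
 * Returns 0 on success, -1 if fewer than 4 bytes remain. */
int read_u32_le(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    const uint8_t *p = buf + *off;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    *off += 4;
    return 0;
}

/* Sign-extend the low nbits of raw (a signed bit field read from a file).
 * All shifts act on unsigned operands with a checked count, so no negative
 * value is shifted and no shift count reaches the type width.
 * Returns 0 on success, -1 if nbits is out of range. */
int sign_extend(uint32_t raw, unsigned nbits, int32_t *out)
{
    if (nbits > 32)
        return -1;
    if (nbits == 0) { *out = 0; return 0; }
    uint32_t mask = (nbits == 32) ? UINT32_MAX : (UINT32_C(1) << nbits) - 1;
    uint32_t v = raw & mask;
    if (v & (UINT32_C(1) << (nbits - 1))) {
        uint32_t mag = (mask - v) + 1;      /* two's-complement magnitude */
        *out = (int32_t)(-(int64_t)mag);
    } else {
        *out = (int32_t)v;
    }
    return 0;
}

int main(void)
{
    const uint8_t sample[] = { 0xff, 0xff, 0xff, 0xff }; /* constructed input */
    size_t off = 0; uint32_t u = 0; int32_t s = 0;
    if (read_u32_le(sample, sizeof sample, &off, &u) == 0 &&
        sign_extend(u, 5, &s) == 0)
        printf("u32=0x%08x sbits(5)=%d\n", (unsigned)u, (int)s);
    return 0;
}
```

Building parser code with -fsanitize=undefined reports both shift conditions at run time, which is a practical way to confirm that a rebuilt package no longer triggers them.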

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming
through 0.4.8 is vulnerable to an integer overflow and resultant
out-of-bounds read, which may allow attackers to cause a denial of
service or unspecified other impact via a crafted SWF file.
(CVE-2018-6315)

The decompileIF function (util/decompile.c) in libming through 0.4.8
is vulnerable to a use-after-free, which may allow attackers to cause a
denial of service or unspecified other impact via a crafted SWF file.
(CVE-2018-6359)
                

SRPMS

6/core