Updated ming packages fix security vulnerability
Publication date: 10 Apr 2019Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6358 , CVE-2018-7867 , CVE-2018-7868 , CVE-2018-7870 , CVE-2018-7871 , CVE-2018-7872 , CVE-2018-7875 , CVE-2018-9165
Description
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. (CVE-2018-6358) There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack. (CVE-2018-7867) There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. (CVE-2018-7868) An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7870) There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. (CVE-2018-7871) An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7872) There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. (CVE-2018-7875) The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. (CVE-2018-9165)
References
- https://bugs.mageia.org/show_bug.cgi?id=24505
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6358
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7867
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7875
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9165
SRPMS
6/core
- ming-0.4.9-0.git20181112.1.mga6