advisories/24505.adv

type: security
subject: Updated ming packages fix security vulnerability
CVE:
 - CVE-2018-6358
 - CVE-2018-7867
 - CVE-2018-7868
 - CVE-2018-7870
 - CVE-2018-7871
 - CVE-2018-7872
 - CVE-2018-7875
 - CVE-2018-9165
src:
  6:
   core:
     - ming-0.4.9-0.git20181112.1.mga6
description: |
  The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
  vulnerable to a heap-based buffer overflow, which may allow attackers to
  cause a denial of service or unspecified other impact via a crafted FDB
  file. (CVE-2018-6358)

  There is a heap-based buffer overflow in the getString function of
  util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A
  Crafted input will lead to a denial of service attack. (CVE-2018-7867)

  There is a heap-based buffer over-read in the getName function of
  util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will
  lead to a denial of service attack. (CVE-2018-7868)

  An invalid memory address dereference was discovered in getString in
  util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability
  causes a segmentation fault and application crash, which leads to denial
  of service. (CVE-2018-7870)

  There is a heap-based buffer over-read in the getName function of
  util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input
  will lead to a denial of service or possibly unspecified other impact.
  (CVE-2018-7871)

  An invalid memory address dereference was discovered in the function
  getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a
  segmentation fault and application crash, which leads to denial of
  service. (CVE-2018-7872)

  There is a heap-based buffer over-read in the getString function of
  util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input
  will lead to a denial of service attack. (CVE-2018-7875)

  The pushdup function in util/decompile.c in libming through 0.4.8 does
  not recognize the need for ActionPushDuplicate to perform a deep copy
  when a String is at the top of the stack, making the library vulnerable
  to a util/decompile.c getName NULL pointer dereference, which may allow
  attackers to cause a denial of service via a crafted SWF file.
  (CVE-2018-9165)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24505
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
ID: MGASA-2019-0137
1	type: security
2	subject: Updated ming packages fix security vulnerability
3	CVE:
4	- CVE-2018-6358
5	- CVE-2018-7867
6	- CVE-2018-7868
7	- CVE-2018-7870
8	- CVE-2018-7871
9	- CVE-2018-7872
10	- CVE-2018-7875
11	- CVE-2018-9165
12	src:
13	6:
14	core:
15	- ming-0.4.9-0.git20181112.1.mga6
16	description: \|
17	The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
18	vulnerable to a heap-based buffer overflow, which may allow attackers to
19	cause a denial of service or unspecified other impact via a crafted FDB
20	file. (CVE-2018-6358)
21
22	There is a heap-based buffer overflow in the getString function of
23	util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A
24	Crafted input will lead to a denial of service attack. (CVE-2018-7867)
25
26	There is a heap-based buffer over-read in the getName function of
27	util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will
28	lead to a denial of service attack. (CVE-2018-7868)
29
30	An invalid memory address dereference was discovered in getString in
31	util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability
32	causes a segmentation fault and application crash, which leads to denial
33	of service. (CVE-2018-7870)
34
35	There is a heap-based buffer over-read in the getName function of
36	util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input
37	will lead to a denial of service or possibly unspecified other impact.
38	(CVE-2018-7871)
39
40	An invalid memory address dereference was discovered in the function
41	getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a
42	segmentation fault and application crash, which leads to denial of
43	service. (CVE-2018-7872)
44
45	There is a heap-based buffer over-read in the getString function of
46	util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input
47	will lead to a denial of service attack. (CVE-2018-7875)
48
49	The pushdup function in util/decompile.c in libming through 0.4.8 does
50	not recognize the need for ActionPushDuplicate to perform a deep copy
51	when a String is at the top of the stack, making the library vulnerable
52	to a util/decompile.c getName NULL pointer dereference, which may allow
53	attackers to cause a denial of service via a crafted SWF file.
54	(CVE-2018-9165)
55	references:
56	- https://bugs.mageia.org/show_bug.cgi?id=24505
57	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
58	ID: MGASA-2019-0137