ESB-2018.1068 - [UNIX/Linux][Debian] ming: Denial of service - Remote with user interaction 2018-04-10

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1068
                Multiple vulnerabilities discovered in Ming
                               10 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ming
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-9165 CVE-2018-7875 CVE-2018-7872
                   CVE-2018-7871 CVE-2018-7870 CVE-2018-7868
                   CVE-2018-7867 CVE-2018-6358 

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/04/msg00008.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running ming check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ming
Version        : 0.4.4-1.1+deb7u8
CVE ID         : CVE-2018-6358 CVE-2018-7867 CVE-2018-7868 CVE-2018-7870 
                 CVE-2018-7871 CVE-2018-7872 CVE-2018-7875 CVE-2018-9165

Multiple vulnerabilities have been discovered in Ming:

CVE-2018-6358

    Heap-based buffer overflow vulnerability in the printDefineFont2 function
    (util/listfdb.c). Remote attackers might leverage this vulnerability to
    cause a denial of service via a crafted swf file.

CVE-2018-7867

    Heap-based buffer overflow vulnerability in the getString function
    (util/decompile.c) during a RegisterNumber sprintf. Remote attackers might
    leverage this vulnerability to cause a denial of service via a crafted swf
    file.

CVE-2018-7868

    Heap-based buffer over-read vulnerability in the getName function
    (util/decompile.c) for CONSTANT8 data. Remote attackers might leverage this
    vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7870

    Invalid memory address dereference in the getString function
    (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this
    vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7871

    Heap-based buffer over-read vulnerability in the getName function
    (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this
    vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7872

    Invalid memory address dereference in the getName function
    (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this
    vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7875

    Heap-based buffer over-read vulnerability in the getName function
    (util/decompile.c) for CONSTANT8 data. Remote attackers might leverage this
    vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-9165

    The pushdup function (util/decompile.c) performs shallow copy of String
    elements (instead of deep copy), allowing simultaneous change of multiple
    elements of the stack, which indirectly makes the library vulnerable to a
    NULL pointer dereference in getName (util/decompile.c). Remote attackers
    might leverage this vulnerability to cause dos via a crafted swf file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.4.4-1.1+deb7u8.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE5LpPtQuYJzvmooL3LVy48vb3khkFAlrLWxMACgkQLVy48vb3
khndugf9G1fRWhVJaXb1vOvfztyqweHyu1ppZeVhG7P9EdJcLM/jHPfRU6UZlmcj
/0WgxNoMxHmcnIv7f1c64gfWdqJfAkPXxjAyrjzDMam7LuJI7T25B4VGcXg4G4N0
+m4lWvZn+tBJzigDx1Fs9ZYE7bVTNJP+hApyNSDPuDTLlD0NOpTs4Lq0kM14wVIU
mJTloRIuHWLkfUiRu9v+c6i5aKoBuqY7XenzqxrEU515HmfOPnTejxlSzyAyH6or
yShz6eWExvBs7pXu9TB3cCirtP5gsqrANE/UxGSzPwlk//XtpojSMlysyRwEXxLX
Y30B4a+e1VkqDPNMUhtJ+fIOBZBq2Q==
=ZzkF
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWsxCgIx+lLeg9Ub1AQge8RAAhfJicWefDus5T8ORGBJZW3kCT39JiNS8
0lpgCESMOgUzFaJYRuk1HJ+XTVAqLOxJOgop9rHJKJDj9fsGJfJtBsqpkmnksH4B
y8vMbox575ecpKcyPb1E2kmrf/E8uU1d9reTOwpB6iWSYVa5syezw/Pwt6r0k8mJ
60m1oi7nx0fYmCjnEm5KCj0XooLf2eDSvFUNcAVmYLWLqYWrwj0B+7pmBkNLTBFi
UnRUCP8MlDDGUl7MZxHpQLukdDHjgF92XXAXAMPVeDOk+CgmWr2yORmlsedaFLnW
lqs6hDdLQ3UY7/4RVq2o17ZXzwyNgJ/8Ix+gN6j7wybuw4AGIddECMUQODK6joLN
ch9H2fmwGuH8LvKQsiZN5wx7B1UG3Zd7LtmH94qlYOCssPEbRpFqDJm5NAqZEvPy
QWJBmkQfquqWBOIQnolnDHIO0TuVhj3QtYyFjDq3KpYdauo0kIMACeOaU/VbmnXt
pv7rfivPZVJzHBTeIrmud1lAQ70x2b7s4xzq9s18I61oSVhiP1irH/jCVY7qz/xp
4ewZOYTQ9xdfO3Q5t8VGLxvbqh8PYl8LwszwRrKmRIiTBw3oLapIT7TEQx5zGsin
fkwRfUPQUFzLNWD0S0iLyhnlqTnVoSY9EWENaQ2+7L1rUcuK65z883FgHGTxnzTk
hwDptur6UDU=
=5kGW
-----END PGP SIGNATURE-----

« Back to bulletins