Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 8: 2021-0239 Critical: cgal Out-Of-Bounds Read Security Update

mageia
Calendar Grey June 8, 2021
Dist Mageia Esm H88
Recent cgal updates in Mageia address critical out-of-bounds read issues. Essential for maintaining system security on vulnerable editions.
Updated cgal packages fix security vulnerabilities: An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read

Summary

Updated cgal packages fix security vulnerabilities:
An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability (CVE-2020-28601).
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability (CVE-2020-28636).
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability (CVE-2020-35628).
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability (CVE-2020-35636).
The cgal package has been updated to version 5.2.1, fixing the issues and other bugs. The openfoam and openscad packages have been rebuilt against the updated cgal library.

References

- https://bugs.mageia.org/show_bug.cgi?id=28881

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E4J344OKKDLPRN422OYRR46HDEN6MM6P/

- https://www.cve.org/CVERecord?id=CVE-2020-28601

- https://www.cve.org/CVERecord?id=CVE-2020-28636

- https://www.cve.org/CVERecord?id=CVE-2020-35628

- https://www.cve.org/CVERecord?id=CVE-2020-35636

Topics%20covered

Topics Covered

security advisory critical issue software fix cgal update oob read Mageia 8

Resolution

SRPMS

- 8/core/cgal-5.2.1-1.mga8

- 8/core/openfoam-7-17.1.mga8

- 8/core/openscad-2021.01-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0239.html
Type: security
CVE: CVE-2020-28601, CVE-2020-28636, CVE-2020-35628, CVE-2020-35636

Topics%20covered

Topics Covered

security advisory critical issue software fix cgal update oob read Mageia 8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here