{"id":"MGASA-2021-0239","summary":"Updated cgal packages fix security vulnerabilities","details":"Updated cgal packages fix security vulnerabilities:\n\nAn oob read vulnerability exists in Nef_2/PM_io_parser.h\nPM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide\nmalicious input to trigger this vulnerability (CVE-2020-28601).\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h\nSNC_io_parser::read_sloop() slh-\u003etwin() An attacker can provide malicious\ninput to trigger this vulnerability (CVE-2020-28636).\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h\nSNC_io_parser::read_sloop() slh-\u003eincident_sface. An attacker can provide\nmalicious input to trigger this vulnerability (CVE-2020-35628).\n\nAn oob read vulnerability exists in Nef_S2/SNC_io_parser.h\nSNC_io_parser::read_sface() sfh-\u003evolume(). An attacker can provide malicious\ninput to trigger this vulnerability (CVE-2020-35636).\n\nThe cgal package has been updated to version 5.2.1, fixing the issues and other\nbugs.  The openfoam and openscad packages have been rebuilt against the updated\ncgal library.\n","modified":"2026-02-04T03:41:18.806493Z","published":"2021-06-08T16:46:03Z","related":["CVE-2020-28601","CVE-2020-28636","CVE-2020-35628","CVE-2020-35636"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0239.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28881"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/E4J344OKKDLPRN422OYRR46HDEN6MM6P/"}],"affected":[{"package":{"name":"cgal","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/cgal?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0239.json"}},{"package":{"name":"openfoam","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openfoam?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7-17.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0239.json"}},{"package":{"name":"openscad","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openscad?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.01-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0239.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}