Bug 11874

Summary: pixman new security issue CVE-2013-6425
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, thierry.vignaud, tmb
Version: 3Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/575643/
Whiteboard: advisory MGA3-64-OK MGA3-32-OK
Source RPM: pixman-0.28.2-2.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-12-04 19:38:19 CET 
Ubuntu has issued an advisory on December 3:
http://www.ubuntu.com/usn/usn-2047-1/

A CVE was requested and granted for this issue:
http://openwall.com/lists/oss-security/2013/12/04/8

The issue is already fixed upstream in the pixman version in Cauldron.

Note to QA: there's a PoC in the launchpad bug.  Beware, it crashes the X server.

Advisory:
========================

Updated pixman packages fix security vulnerability:

Bryan Quigley discovered an integer underflow in pixman. If a user were
tricked into opening a specially crafted file, an attacker could cause a
denial of service via application crash (CVE-2013-6425).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425
http://openwall.com/lists/oss-security/2013/12/04/8
http://www.ubuntu.com/usn/usn-2047-1/
========================

Updated packages in core/updates_testing:
========================
libpixman1_0-0.28.2-2.1.mga3
libpixman-devel-0.28.2-2.1.mga3

from pixman-0.28.2-2.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-12-04 19:40:13 CET 
CC'ing Thierry.  Thierry, please have a look at this also, since there's also CVE-2013-6424 for Xorg and patches for that.  Here's the oss-sec thread:
http://openwall.com/lists/oss-security/2013/12/04/8

The Launchpad bug has more info which may be of interest as well:
https://launchpad.net/bugs/1197921

CC: (none) => thierry.vignaud
Version: Cauldron => 3

Comment 2 Dave Hodgins 2013-12-05 18:03:55 CET 
Poc file available at
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/+attachment/3748789/+files/plantage-mai-only-empty.ods

Advisory 11874.adv committed to svn.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Dave Hodgins 2013-12-05 19:38:39 CET 
Testing complete on Mageia 3 i586 and x86_64. Validating the update.

Someone from the sysadmin team please push 11874.adv to updates.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2013-12-06 23:05:23 CET 
Update pushed:
http://advisories.mageia.org/MGASA-2013-0366.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 5 David Walser 2013-12-10 00:45:14 CET 
LWN has posted the reference for this, with a new page since the Ubuntu one didn't list a CVE.  I let them know and imagine they'll combine them soon:
http://lwn.net/Vulnerabilities/576267/