| Summary: | directfb new security issues CVE-2014-2977 and CVE-2014-2978 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | rverschelde, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/642649/ | ||
| Whiteboard: | has_procedure advisory mga4-64-ok | ||
| Source RPM: | directfb-1.7.4-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-05-16 16:51:25 CEST
David Walser
2014-05-16 16:51:31 CEST
Whiteboard:
(none) =>
MGA4TOO, MGA3TOO

Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1098528

No progress on this upstream AFAICT.

CC:
(none) =>
remi

Still no reaction from upstream.

Whiteboard:
MGA4TOO, MGA3TOO =>
MGA4TOO

OpenSuSE has issued an advisory for this today (April 30):
http://lists.opensuse.org/opensuse-updates/2015-04/msg00060.html

Patches checked into Mageia 4 and Cauldron SVN. Freeze push requested.

URL:
(none) =>
http://lwn.net/Vulnerabilities/642649/

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated directfb packages fix security vulnerabilities:

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow (CVE-2014-2977).

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write (CVE-2014-2978).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2978
http://lists.opensuse.org/opensuse-updates/2015-04/msg00060.html
========================

Updated packages in core/updates_testing:
========================
libdirectfb1.7_0-1.7.0-2.1.mga4
libdirectfb-devel-1.7.0-2.1.mga4
directfb-doc-1.7.0-2.1.mga4

from directfb-1.7.0-2.1.mga4.src.rpm

Version:
Cauldron =>
4

No PoC.

From the website..

"DirectFB is a thin library that provides hardware graphics acceleration, input device handling and abstraction, integrated windowing system with support for translucent windows and multiple display layers, not only on top of the Linux Framebuffer Device. It is a complete hardware abstraction layer with software fallbacks for every graphics operation that is not supported by the underlying hardware. DirectFB adds graphical power to embedded systems and sets a new standard for graphics under Linux."

Test with any of these..

$ urpmq --whatrequires lib64directfb1.7_0 | uniq
gpac
gstreamer0.10-directfb
gstreamer1.0-directfb
lib64SDL1.2_0
lib64cairo-devel
lib64dfb++1.2_0
lib64directfb-devel
lib64directfb1.7_0
lib64xine2
links-graphic
links-hacked
linkx
mplayer
vlc-plugin-common

claire robinson
2015-05-02 20:06:21 CEST
Whiteboard:
(none) =>
has_procedure

Testing complete mga4 64

Using vlc under strace..
$ strace -o strace.txt vlc
$ grep directfb strace.txt
stat("/usr/lib64/vlc/plugins/video_output/libdirectfb_plugin.so", {st_mode=S_IFREG|0755, st_size=11192, ...}) = 0
open("/usr/lib64/vlc/plugins/video_output/libdirectfb_plugin.so", O_RDONLY|O_CLOEXEC) = 5
open("/lib64/libdirectfb-1.7.so.0", O_RDONLY|O_CLOEXEC) = 5
open("/usr/lib64/libdirectfb-1.7.so.0.0.0", O_RDONLY) = 6

Whiteboard:
has_procedure =>
has_procedure mga4-64-ok

Confirmed patches applied.

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0176.html

Status:
NEW =>
RESOLVED