| Summary: | potrace new security issue CVE-2013-7437 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs, wilcal.int |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/639578/ | ||
| Whiteboard: | has_procedure MGA4-32-OK MGA4-64-OK advisory | ||
| Source RPM: | potrace-1.11-6.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description

David Walser 2015-04-08 21:32:37 CEST

David Walser 2015-04-08 21:32:41 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated potrace packages fix security vulnerability:

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (CVE-2013-7437).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7437
http://lists.opensuse.org/opensuse-updates/2015-04/msg00016.html
========================

Updated packages in core/updates_testing:
========================
potrace-1.11-3.1.mga4
libpotrace0-1.11-3.1.mga4
libpotrace-devel-1.11-3.1.mga4

from potrace-1.11-3.1.mga4.src.rpm

Version: Cauldron => 4

PoC info here:
https://bugzilla.redhat.com/show_bug.cgi?id=955808

Tested with the 3 PoCs on the RedHat bug, just running "potrace n.bmp" where n was 1, 2, or 3. Before the update 1 said premature end of file, 2 segfaulted, and 3 aborted with a stack trace with an error with free(). After the update, 1 says invalid bmp file, and 2 and 3 say cannot allocate memory.

Whiteboard: (none) => has_procedure MGA4-32-OK

In VirtualBox, M4, KDE, 32-bit

Download bmp files from:
https://bugzilla.redhat.com/show_bug.cgi?id=955808

Package(s) under test: potrace libpotrace0 libpotrace-devel

default install of potrace libpotrace0 libpotrace-devel

```
[root@localhost wilcal]# urpmi potrace
Package potrace-1.11-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libpotrace0
Package lib64potrace0-1.11-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libpotrace-devel
Package lib64potrace-devel-1.11-3.mga4.i586 is already installed

[wilcal@localhost Pictures]$ potrace -n 1.bmp
potrace: warning: 1.bmp: premature end of file
Generates eps files
[wilcal@localhost Pictures]$ potrace -n 2.bmp
potrace: warning: 2.bmp: premature end of file
Segmentation fault
[wilcal@localhost Pictures]$ potrace -n 3.bmp
*** Error in `potrace': free(): invalid next size (fast): 0x085c4330 ***
======= Backtrace: =========..........
```

install potrace libpotrace0 libpotrace-devel from updates_testing

```
[root@localhost Pictures]# urpmi potrace
Package potrace-1.11-3.1.mga4.i586 is already installed
[root@localhost Pictures]# urpmi libpotrace0
Package libpotrace0-1.11-3.1.mga4.i586 is already installed
[root@localhost Pictures]# urpmi libpotrace-devel
Package libpotrace-devel-1.11-3.1.mga4.i586 is already installed

[wilcal@localhost Pictures]$ potrace -n 1.bmp
potrace: 1.bmp: file format error: invalid bmp file
[wilcal@localhost Pictures]$ potrace -n 2.bmp
potrace: 2.bmp: Cannot allocate memory
[wilcal@localhost Pictures]$ potrace -n 3.bmp
potrace: 3.bmp: Cannot allocate memory
```

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.26-1.mga4.x86_64
virtualbox-guest-additions-4.3.26-1.mga4.x86_64

CC: (none) => wilcal.int

In VirtualBox, M4, KDE, 64-bit

Download bmp files from:
https://bugzilla.redhat.com/show_bug.cgi?id=955808

Package(s) under test: potrace lib64potrace0 lib64potrace-devel

default install of potrace lib64potrace0 lib64potrace-devel

```
[root@localhost wilcal]# urpmi potrace
Package potrace-1.11-3.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64potrace0
Package lib64potrace0-1.11-3.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64potrace-devel
Package lib64potrace-devel-1.11-3.mga4.x86_64 is already installed

[wilcal@localhost Pictures]$ potrace -n 1.bmp
potrace: warning: 1.bmp: premature end of file
*** Error in `potrace': free(): invalid next size (fast): 0x0000000001d18580 ***
======= Backtrace: =========....
[wilcal@localhost Pictures]$ potrace -n 2.bmp
potrace: warning: 2.bmp: premature end of file
Segmentation fault
[wilcal@localhost Pictures]$ potrace -n 3.bmp
potrace: 3.bmp: Cannot allocate memory
```

install potrace lib64potrace0 lib64potrace-devel from updates_testing

```
[root@localhost wilcal]# urpmi potrace
Package potrace-1.11-3.1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64potrace0
Package lib64potrace0-1.11-3.1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64potrace-devel
Package lib64potrace-devel-1.11-3.1.mga4.x86_64 is already installed

[wilcal@localhost Pictures]$ potrace 1.bmp
potrace: 1.bmp: file format error: invalid bmp file
[wilcal@localhost Pictures]$ potrace -n 2.bmp
potrace: 2.bmp: Cannot allocate memory
[wilcal@localhost Pictures]$ potrace 3.bmp
potrace: 3.bmp: Cannot allocate memory
```

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.26-1.mga4.x86_64
virtualbox-guest-additions-4.3.26-1.mga4.x86_64

Looks fixed to me. What do you say, David?

Yes, please validate this. Thanks.

This update works fine. Testing complete for mga4 32-bit & 64-bit. Validating the update. Could someone from the sysadmin team push this to updates. Thanks

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK

William Kenney 2015-04-16 19:10:55 CEST

Keywords: (none) => validated_update

Advisory uploaded.

Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure MGA4-32-OK MGA4-64-OK advisory

An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0161.html

Status: NEW => RESOLVED
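The advisory above describes integer overflows in potrace's handling of BMP dimensions, and the test log shows the patched build failing cleanly ("invalid bmp file", "Cannot allocate memory") instead of crashing. As an added illustration that is not potrace's code and not the patch this update ships, the C below puts a naive 32-bit buffer-size computation beside a checked version that validates the header fields, computes in 64 bits and rejects oversized images; the 256 MiB limit is an assumed value for this example.

```c
#include <stdint.h>

/* Added illustration, not potrace's code: sizing a BMP pixel buffer with and
 * without the integer-overflow class that CVE-2013-7437 describes.
 * MAX_BITMAP_BYTES is an assumed limit for this example, not a potrace value. */
#define MAX_BITMAP_BYTES ((uint64_t)256 * 1024 * 1024)

/* Naive sizing in 32-bit unsigned arithmetic: large header dimensions wrap
 * the product to a small number, so the buffer allocated from it is too
 * small for the pixel rows that are written into it later. */
uint32_t naive_bmp_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t row = ((width * bpp + 31) / 32) * 4; /* BMP rows pad to 4 bytes */
    return row * height;                           /* wraps silently */
}

/* Checked sizing: validate the header fields, compute in 64 bits and refuse
 * anything beyond the limit. Returns the byte count, or -1 so the caller can
 * reject the file with a format error instead of allocating. */
int64_t checked_bmp_size(int32_t width, int32_t height, uint16_t bpp)
{
    uint64_t w, h, row, total;

    /* BMP permits a negative height (top-down rows); width must be positive. */
    if (width <= 0 || height == 0)
        return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 24 && bpp != 32)
        return -1;

    w = (uint64_t)width;
    h = height < 0 ? (uint64_t)(-(int64_t)height) : (uint64_t)height;

    /* w < 2^31 and bpp <= 32, so w * bpp < 2^36: no 64-bit overflow here. */
    row = ((w * bpp + 31) / 32) * 4;
    if (row > MAX_BITMAP_BYTES)   /* a single row already exceeds the limit */
        return -1;

    total = row * h;              /* row <= 2^28 and h <= 2^31: cannot wrap */
    if (total > MAX_BITMAP_BYTES)
        return -1;

    return (int64_t)total;
}
```

With width and height of 65536 at 8 bpp the naive version returns 0 bytes, while the checked version returns -1 and the loader can report a format error.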