Bug 17317

Summary: potrace new security issues fixed upstream in 1.13
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/667321/
Whiteboard: has_procedure mga5-32-ok advisory
Source RPM: potrace-1.11-7.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-09 16:47:13 CET 
Fedora has issued an advisory on December 8:
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html

The issues are fixed in version 1.13:
http://potrace.sourceforge.net/NEWS

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated potrace packages fix security vulnerabilities:

Potrace before 1.13 has some critical bugs in the processing of BMP files.
These bugs allowed the program to be crashed, or potentially to be abused in
other ways, by feeding it specially crafted BMP files, due to heap overflow,
null pointer dereference, and divide by zero issues.

References:
http://potrace.sourceforge.net/NEWS
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html
========================

Updated packages in core/updates_testing:
========================
potrace-1.13-1.mga5
libpotrace0-1.13-1.mga5
libpotrace-devel-1.13-1.mga5

from potrace-1.13-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-12-09 16:48:03 CET 
I don't know of PoC's for this one, but we had some when we tested a previous fix in Bug 15658.  That might help for testing this time.
David Walser 2015-12-09 18:42:09 CET

URL: (none) => http://lwn.net/Vulnerabilities/667321/

claire robinson 2015-12-10 22:33:16 CET

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-12-14 18:26:14 CET 
Testing complete mga5 32

Used reproducers from previous update in bug 15658 and also converted a bmp to eps

$ potrace -n 1.bmp 
potrace: 1.bmp: file format error: invalid bmp file
$ potrace -n 2.bmp 
potrace: 2.bmp: Cannot allocate memory
$ potrace -n 3.bmp 
potrace: 3.bmp: Cannot allocate memory

$ potrace LOGO.bmp

Outputs LOGO.eps which could be opened in inkscape.

Whiteboard: has_procedure => has_procedure mga5-32-ok

RĂ©mi Verschelde 2015-12-15 07:34:19 CET

Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisory

Comment 3 claire robinson 2015-12-16 16:10:00 CET 
Validating.

Please push to 5 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-12-16 22:01:58 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0474.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED