| Summary: | libgd new security issues CVE-2016-6911 and CVE-2016-8670 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | brtians1, geiger.david68210, lewyssmith, marja11, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/703979/ | ||
| Whiteboard: | mga5-32-ok mga5-64-ok advisory | ||
| Source RPM: | libgd-2.2.3-1.2.mga5.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | lib gd test php script | ||
Description
David Walser
2016-10-16 02:10:52 CEST
David Walser
2016-10-16 02:11:01 CEST
Whiteboard: (none) => MGA5TOO

Done for both Cauldron and mga5!

CC: (none) => geiger.david68210

(In reply to David GEIGER from comment #1)
> Done for both Cauldron and mga5!

Thanks David :-)

Changing version to 5, since the package already landed in cauldron.

Assigning to you, because I assume you need this report to add an advisory to and to assign to QA team for testing in Mga5.

CC: (none) => marja11

Debian has issued an advisory for this on October 14:
https://www.debian.org/security/2016/dsa-3693

It also fixes CVE-2016-6911, which corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch in
http://security.debian.org/debian-security/pool/updates/main/libg/libgd2/libgd2_2.1.0-5+deb8u7.debian.tar.xz

Our package doesn't yet have this patch.

URL: (none) => http://lwn.net/Vulnerabilities/703979/

This Debian patch does not apply in current 2.2.3 release and I haven't found any upstream fix about CVE-2016-6911.

(In reply to David GEIGER from comment #4)
> This Debian patch does not apply in current 2.2.3 release and I haven't found
> any upstream fix about CVE-2016-6911.

Maybe the patch Ubuntu used for 2.2.1 will help:
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6911.html

So ok! Patch based on Ubuntu for CVE-2016-6911 applied now for both mga5 and cauldron!

Thanks David. It appears that we are good to go with this one after all.

Advisory:
========================

Updated libgd packages fix security vulnerabilities:

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service (CVE-2016-6911).

Emmanuel Law discovered that the GD library incorrectly handled certain strings when creating images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code (CVE-2016-8670).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
http://www.ubuntu.com/usn/usn-3117-1
========================

Updated packages in core/updates_testing:
========================
libgd3-2.2.3-1.2.mga5
libgd-devel-2.2.3-1.2.mga5
libgd-static-devel-2.2.3-1.2.mga5
gd-utils-2.2.3-1.2.mga5

from libgd-2.2.3-1.2.mga5.src.rpm

Version: Cauldron => 5

Fixing the subrel.

Advisory:
========================

Updated libgd packages fix security vulnerabilities:

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain malformed Tiff images. If a user or automated system were tricked into processing a specially crafted Tiff image, an attacker could cause a denial of service (CVE-2016-6911).

Emmanuel Law discovered that the GD library incorrectly handled certain strings when creating images. If a user or automated system were tricked into processing a specially crafted image, an attacker could cause a denial of service, or possibly execute arbitrary code (CVE-2016-8670).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
http://www.ubuntu.com/usn/usn-3117-1
========================

Updated packages in core/updates_testing:
========================
libgd3-2.2.3-1.4.mga5
libgd-devel-2.2.3-1.4.mga5
libgd-static-devel-2.2.3-1.4.mga5
gd-utils-2.2.3-1.4.mga5

from libgd-2.2.3-1.4.mga5.src.rpm

The following 7 packages are going to be installed:

- gd-utils-2.2.3-1.4.mga5.x86_64
- lib64gd-devel-2.2.3-1.4.mga5.x86_64
- lib64gd-static-devel-2.2.3-1.4.mga5.x86_64
- lib64gd3-2.2.3-1.4.mga5.x86_64
- lib64jbig-devel-2.1-3.mga5.x86_64
- lib64tiff-devel-4.0.7-1.mga5.x86_64
- lib64xpm-devel-3.5.11-4.mga5.x86_64

3.4MB of additional disk space will be used.
1MB of packages will be retrieved.

I did this in 32 bit with plain php command, but you cannot see the graphics, you need a browser. I'll attach php script.

Works as designed.

CC: (none) => brtians1

Created attachment 8813
lib gd test php script

This works best if from an apache web server executing php. Then you can see the pie chart.

Validated & advisoried.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0421.html

Status: NEW => RESOLVED