| Summary: | CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Vigier <boklm> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | dmorganec, doktor5000, eeeemail, jani.valimaa, pterjan, qa-bugs, sysadmin-bugs, thomas |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | fontforge-1.0-0.20090923.5.mga1.src.rpm | CVE: | |
| Status comment: | |||
Description
Nicolas Vigier
2011-06-30 23:51:47 CEST
Manuel Hiebel
2011-08-30 10:03:54 CEST
CC: (none) => boklm, jani.valimaa, pterjan, thomas

Taking this one.

CC: (none) => doktor5000
Florian Hubold
2011-09-03 18:39:26 CEST
Status: NEW => ASSIGNED

Should be fixed. Also needed to fix compilation with python-2.7.

Please tell me how to proceed, as this is my first security update. I think the only thing missing from the commit is subrel.

I've tested that the old fontforge package was affected by that CVE, it crashed when opening the exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/45162.poc

After applying the patch, it does not crash anymore but displays the font table, this is on x86_64.

Advisory:

This security update fixes CVE-2010-4259: "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."
Remco Rijnders
2011-09-05 07:57:44 CEST
CC: (none) => qa-bugs

This is not on the testing repos to test yet. Florian, can you check please?

CC: (none) => eeeemail

Confirmed POC crash in existing version but need the update candidate to test the fix. Thanks.

Yes, I know it is not in updates_testing as this was not submitted yet, as I'm waiting for my mentor to review this security fix. I would have assigned it to QA if it would be ready for testing. Sorry for the delay, but can't do anything about that.

Ahh that'll be why then :o) QA was added to CC so it came through for testing. Ready when you are.

fontforge is now in updates_testing
Manuel Hiebel
2011-09-05 21:30:47 CEST
Assignee: doktor5000 => qa-bugs

Damn you're fast, you posted before I could, I even had the bug already open :)

Also, can somebody please check if the cauldron fontforge packages are also affected?

Crash reproduced and fix tested x86_64.

I don't have a cauldron setup to check that Florian, sorry.

i586 tested Ok

Update Validated

Advisory:

----------

This security update fixes CVE-2010-4259: "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."

----------

Source RPM: fontforge-1.0-0.20090923.5.1.mga1.src.rpm

Could somebody from sysadmin please push this from core/updates_testing to core/updates.

Thank you!

Keywords: (none) => validated_update

update pushed.

Status: ASSIGNED => RESOLVED

Can somebody please check if Cauldron is affected?

Status: RESOLVED => REOPENED

I look now

OK in cauldron.

Status: REOPENED => RESOLVED
Nicolas Vigier
2014-05-08 18:04:51 CEST
CC: boklm => (none)