Bug 22241

Summary: wayland new heap overflow security issue (CVE-2017-16612)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, marja11, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5TOO MGA6-64-OK MGA5-64-OK
Source RPM: wayland-1.14.0-1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2017-12-20 00:22:57 CET 
Fedora has issued an advisory today (December 19):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXMOIFOO2UOSQM24VCICNJ4KXHAPBQ4D/

It references this upstream post:
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-12-20 00:23:12 CET

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-12-20 07:17:21 CET 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => mageia

Comment 2 David Walser 2017-12-29 01:23:02 CET 
Advisory:
========================

Updated wayland packages fix security vulnerability:

It is possible to trigger heap overflows due to an integer overflow while
parsing images. The integer overflow occurs because the chosen limit 0x10000
for dimensions is too large for 32 bit systems, because each pixel takes 4
bytes. Properly chosen values allow an overflow which in turn will lead to
less allocated memory than needed for subsequent reads (rhbz#1522638).

References:
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXMOIFOO2UOSQM24VCICNJ4KXHAPBQ4D/
========================

Updated packages in core/updates_testing:
========================
libwayland-devel-1.6.0-2.1.mga5
libwayland-client0-1.6.0-2.1.mga5
libwayland-server0-1.6.0-2.1.mga5
libwayland-cursor0-1.6.0-2.1.mga5
wayland-tools-1.6.0-2.1.mga5
libwayland-devel-1.11.0-1.1.mga6
libwayland-client0-1.11.0-1.1.mga6
libwayland-server0-1.11.0-1.1.mga6
libwayland-cursor0-1.11.0-1.1.mga6
wayland-tools-1.11.0-1.1.mga6
wayland-doc-1.11.0-1.1.mga6

from SRPMS:
wayland-1.6.0-2.1.mga5.src.rpm
wayland-1.11.0-1.1.mga6.src.rpm

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: mageia => qa-bugs
Version: Cauldron => 6

Dave Hodgins 2018-01-01 08:10:59 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 3 Dave Hodgins 2018-01-03 14:34:40 CET 
Validating based on update installing cleanly and wayland-scanner --help working.

Keywords: (none) => validated_update
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-01-03 15:23:42 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0044.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2019-01-01 21:28:06 CET 
This is CVE-2017-16612:
https://usn.ubuntu.com/3622-1/

The CVE was originally for libXcursor, which was fixed in Bug 22102.

Summary: wayland new heap overflow security issue => wayland new heap overflow security issue (CVE-2017-16612)

Comment 6 David Walser 2019-01-01 21:28:37 CET 
*** Bug 22887 has been marked as a duplicate of this bug. ***