Bug 23134

Summary: gifsicle new security issue CVE-2017-18120
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: shlomif, sysadmin-bugs, tarazed25
Version: 6
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA6-64-OK
Source RPM: gifsicle-1.88-1.1.mga6.src.rpm
CVE:
Status comment: Fixed upstream in 1.91

Description David Walser 2018-06-07 22:16:06 CEST
Fedora has issued an advisory on May 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BGGLSEKCDM2OZ67XRI7KOASI4G7PRUX2/

The issue is fixed upstream in 1.91.

The upstream bug and commit are linked from the Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1542035
David Walser 2018-06-07 22:16:18 CEST

Status comment: (none) => Fixed upstream in 1.91

Comment 1 David Walser 2018-06-08 13:58:55 CEST
Patched package uploaded by Shlomi.

Advisory:
========================

Updated gifsicle package fixes security vulnerability:

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows
a remote attacker to cause a denial-of-service attack or unspecified other
impact via a maliciously crafted file, because last_name is mishandled
(CVE-2017-18120).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18120
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BGGLSEKCDM2OZ67XRI7KOASI4G7PRUX2/
========================

Updated packages in core/updates_testing:
========================
gifsicle-1.88-1.2.mga6

from gifsicle-1.88-1.2.mga6.src.rpm

Assignee: shlomif => qa-bugs
CC: (none) => shlomif

Comment 2 Len Lawrence 2018-06-08 18:11:22 CEST
Mageia 6, x86_64

Before update:

Only one of the PoC links led to anything useful.

CVE-2017-18120
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120
$ gifsicle poc poc -o output
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
*** Error in `gifsicle': double free or corruption (fasttop): 0x0000000000885d20 ***
[.....]
Aborted (core dumped)

$ gifdiff poc poc
gifdiff: While reading ‘poc’ frame #0:
gifdiff:   error: unknown block type 49 at file offset 13
gifdiff: While reading ‘poc’ frame #0:
gifdiff:   error: image position and/or dimensions out of range
gifdiff: While reading ‘poc’ frame #0:
gifdiff:   error: unknown block type 49 at file offset 13
gifdiff: While reading ‘poc’ frame #0:
gifdiff:   error: image position and/or dimensions out of range
Segmentation fault (core dumped)

After the update:

gifdiff still segfaults, but:
$ gifsicle poc poc -o output
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range

which looks like a good result.

gifsicle supplies many options for splitting, modifying and combining GIF file
animations.  Tried a few.
$ gifsicle -e any.gif
splits the input file into individual files named any.gif.000, any.gif.001, and so on.  Each frame is viewable using eom or gifview.  The whole set can be viewed as an overlaid stack using
$ gifview sample.gif.*

Used gifview to step through an animation frame by frame (slideshow mode) and in animation mode.  These modes are controlled from the keyboard by 's' and 'a'.
$ gifview --min-delay 100 sample.gif
Press 's' and slideshow mode starts at 1 frame per second.

gifsicle successfully recombined the extracted frames into a new animated gif.
$ gifsicle -m any.gif.* -o new.gif

$ gifsicle --color-info new.gif
* new.gif 32 images
  logical screen 438x236
  global color table [256]
  |   0: #080809      64: #CE9C8C     128: #E9DEE2     192: #FA7884
  |   1: #B86A65      65: #D65456     129: #D7BCC7     193: #A11F22
[.....]
  + image #30 438x236 transparent 18
    disposal asis delay 0.10s
  + image #31 438x236 transparent 55
    disposal asis delay 0.10s

No luck with setting properties of GIF files.  Tried 'gifsicle --gamma 2.2 ....' for instance and it had no visible effect.  That probably indicates ignorance on the part of the user.  Otherwise it all looks good.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
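
An added example, not part of the bug thread: a POSIX shell helper for the before/after check in comment 2, which tells a handled read error apart from a crash (abort or segfault) by exit status. The function names `run_and_classify`, `check_no_crash` and `recheck` are hypothetical; the two command lines are the ones shown in the comment.

```shell
#!/bin/sh
# Added example: classify how a command ended so a PoC re-test can be scripted.

# run_and_classify CMD [ARGS...]
# Prints one of: ok | error:<status> | crash:<SIGNAME> | notfound
run_and_classify() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -eq 127 ]; then
        # A missing binary must not be mistaken for a fixed one.
        echo notfound
    elif [ "$status" -gt 128 ]; then
        # Shells report death by signal as 128 + signal number.
        signo=$((status - 128))
        echo "crash:$(kill -l "$signo" 2>/dev/null || echo "$signo")"
    else
        # Non-zero exit without a signal: the tool rejected the input itself.
        echo "error:$status"
    fi
}

# check_no_crash LABEL CMD [ARGS...]
# Prints "LABEL result"; returns 1 on a crash or a missing tool.
check_no_crash() {
    label=$1; shift
    result=$(run_and_classify "$@")
    printf '%-10s %s\n' "$label" "$result"
    case $result in
        crash:*|notfound) return 1 ;;
        *) return 0 ;;
    esac
}

# recheck FILE: repeat the two invocations from the comment on FILE.
recheck() {
    rc=0
    check_no_crash gifsicle gifsicle "$1" "$1" -o output || rc=1
    check_no_crash gifdiff  gifdiff  "$1" "$1"           || rc=1
    return "$rc"
}

# Run only when a sample file is given as the first argument.
if [ -n "${1:-}" ]; then
    recheck "$1"
fi
```

A `crash:` result from either tool makes `recheck` return non-zero, so a remaining segfault in a second tool is reported rather than overlooked.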

Comment 3 claire robinson 2018-06-14 18:13:15 CEST
Good testing. Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 claire robinson 2018-06-14 18:37:31 CEST
Advisoried

Keywords: (none) => advisory

Comment 5 Mageia Robot 2018-06-14 20:16:03 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0280.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED