| Summary: | giflib new security issues fixed upstream in 5.1.6 (including CVE-2018-11490) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, marja11, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK | ||
| Source RPM: | giflib-5.1.4-1.mga6.src.rpm | CVE: | CVE-2018-11490 |
| Status comment: | |||
Description
David Walser
2019-02-17 17:11:17 CET
Assigning to all packagers collectively, since there is no registered maintainer for this package.

Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================
The updated packages fix security vulnerabilities:

Null dereferences in main() of gifclrmp.
Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. (CVE-2018-11490)
Segmentation fault in PrintCodeBlock.
Segmentation fault of giftool reading a crafted file.
Floating point exception in giftext utility.
Heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317.
Ineffective bounds check in DGifSlurp.
GIFLIB 5.1.4: DGifSlurp fails on empty comment.

References:
https://sourceforge.net/p/giflib/code/ci/master/tree/NEWS
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11490
========================

Updated packages in core/updates_testing:
========================
giflib-progs-5.1.6-1.mga6
lib(64)gif7-5.1.6-1.mga6
lib(64)gif-devel-5.1.6-1.mga6

from SRPMS:
giflib-5.1.6-1.mga6.src.rpm

CVE: (none) => CVE-2018-11490

mga6, x86_64
No reproducer for CVE-2018-11490.
Straight to updates.
- giflib-progs-5.1.6-1.mga6.x86_64
- lib64gif-devel-5.1.6-1.mga6.x86_64
- lib64gif7-5.1.6-1.mga6.x86_64
The NEWS link points out that the names of the giftools have been rationalized:
gifsponge
giftext
giftool
giffilter
giffix
gifinto
gifbuild
gifclrmp
gifecho
gif2rgb
giftogd2
gif2png
giftrans
giftopnm
Not sure if all these are part of the giflib package, particularly the image conversion tools.
Several image manipulation tools have gone because other commonly available packages perform the tasks as well or better. gifinfo is supposed to be replaced by 'giftool -f', e.g.
$ giftool -f "%v\n%w x %h\n" < Tatiana.gif
GIF89a
1080 x 761
Did not make much headway with other options of the giftool filter.
Extract the colour map from an image:
$ giftext -c < Tatiana.gif
Stdin:
Screen Size - Width = 1080, Height = 761.
ColorResolution = 8, BitsPerPixel = 8, BackGround = 255, Aspect = 0.
Has Global Color Map.
Global Color Map:
Sort Flag: off
0: 04h 04h 04h 1: 05h 06h 0ah 2: 06h 09h 0ch 3: 0bh 05h 02h
4: 09h 07h 0ah 5: 0bh 0ah 06h 6: 0bh 0bh 0bh 7: 06h 08h 05h
8: 06h 0bh 11h 9: 0bh 0dh 12h 10: 0bh 0dh 17h 11: 0fh 10h 0bh
[...]
248: f5h d6h cbh 249: feh e6h d7h 250: fch e4h ceh 251: feh f4h e8h
252: f3h efh edh 253: deh e1h e7h 254: b6h c3h bfh 255: 79h 81h 7fh
GIF89 graphics control (Ext Code = 249 [ ]):
Disposal Mode: 0
User Input Flag: 0
Transparency on: no
DelayTime: 0
Transparent Index: -1
Image #1:
Image Size - Left = 0, Top = 0, Width = 1080, Height = 761.
Image is Non Interlaced.
No Image Color Map.
GIF file terminated normally.
That looks pretty comprehensive.
No man page for gifsponge, or usage information or help option. The same applies to giffilter.
Experimented with giffix by editing a gif image in emacs, inserting garbage at a couple of places but running
$ giffix < bad.gif > repaired.gif
caused a segfault. The documentation says that the utility will attempt to repair a damaged gif. It gave up in this case.
"Following error occurred (and ignored):GIF-LIB error: Image is defective, decoding aborted.
Following unrecoverable error occured:GIF-LIB error: Failed to read from given file.
GIF-LIB undefined error 0.
Segmentation fault (core dumped)"
That is acceptable.
Could not figure out how to drive gifinto, which copies files above a specified size.
gifbuild is too complicated for a newbie. Quoting the documentation:
<quote>
If the data types of the “screen height”, “screen width”, “screen
background”, “image top”, and “image left” declarations aren't obvious
to you, what are you doing with this software?
</quote>
$ gifclrmp -s < Tatiana.gif > colourmap.txt
$ cat colourmap.txt
0 4 4 4
1 5 6 10
2 6 9 12
[...]
253 222 225 231
254 182 195 191
255 121 129 127
$ gifclrmp -g 2.2 < Tatiana.gif > colourmap
This produced a GIF image copy of the original with a gamma correction of 2.2, which made the image much brighter.
$ file colourmap
colourmap: GIF image data, version 87a, 1080 x 761
Note the switch from GIF89a to GIF87a.
$ gifecho -c 244 161 174 -t "Good morning QA" > greeting.gif
This generated an image containing the string, coloured pink on a black background.
$ gif2rgb -c 8 -o rgbtest Tatiana.gif
generated three files rgbtest.{R,G,B} containing binary data. Quite how they are to be used is not clear.
That is enough testing. OK for 64-bits.

Whiteboard: (none) => MGA6-64-OK
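
The giffix experiment in the comment above (feed a deliberately damaged GIF to a filter on stdin and see how it ends) can be scripted so that a handled error and a crash are recorded differently. This is an added example, not part of the original bug comments and not giflib or Mageia code; the function names and the offset in the usage line are made up here, and an exit status above 128 is assumed to mean death by signal, as POSIX shells report it.

```shell
#!/bin/sh
# Added example (not giflib or Mageia code): record how a stdin filter ends
# when fed a damaged file. Function names here are hypothetical.

# corrupt_copy SRC DST OFFSET: copy SRC to DST, then overwrite four bytes
# at OFFSET with 0xff without changing the file length.
corrupt_copy() {
    cp "$1" "$2" &&
    printf '\377\377\377\377' |
        dd of="$2" bs=1 seek="$3" conv=notrunc 2>/dev/null
}

# classify_status STATUS: print ok, error, or signal:<n>.
# Assumption: a status above 128 means the process died on signal STATUS-128.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ]; then
        echo "signal:$(( $1 - 128 ))"
    else
        echo error
    fi
}

# run_case INPUT CMD [ARGS...]: run CMD with INPUT on stdin, discard its
# output, and print the classification of its exit status.
run_case() {
    input=$1; shift
    status=0
    "$@" < "$input" > /dev/null 2>&1 || status=$?
    classify_status "$status"
}

# smoke_test INPUT TOOL...: print one "tool: result" line per tool and
# return 1 if any tool died on a signal (e.g. 11 = SIGSEGV on Linux).
smoke_test() {
    input=$1; shift
    crashed=0
    for tool in "$@"; do
        result=$(run_case "$input" "$tool")
        echo "$tool: $result"
        case $result in signal:*) crashed=1 ;; esac
    done
    return "$crashed"
}

# Usage, with file names as on this page (offset 64 is a constructed value):
#   corrupt_copy Tatiana.gif bad.gif 64 && smoke_test bad.gif giffix
```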
Dave Hodgins
2019-02-20 22:04:18 CET
Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0096.html

Resolution: (none) => FIXED