Bug 2660

Summary: Updated librsvg package to fix CVE-2011-3146
Product: Mageia Reporter: Funda Wang <fundawang>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, eeeemail, geiger.david68210, misc, stormi-mageia, sysadmin-bugs
Version: 1Keywords: Security, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146
Whiteboard:
Source RPM: librsvg-2.32.1-1.1.mga1.src.rpm CVE:
Status comment:

Description Funda Wang 2011-09-07 19:54:04 CEST 
http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84:

Store node type separately in RsvgNode
The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.

CVE-2011-3146

https://bugzilla.gnome.org/show_bug.cgi?id=658014

The updated packages have been patched to fix CVE-2011-3146.
Manuel Hiebel 2011-09-07 19:56:21 CEST

Assignee: bugsquad => qa-bugs

Comment 1 Dave Hodgins 2011-09-08 00:22:28 CEST 
Is there a poc to demonstrated the crash?

I've confirmed that librsvg-2.32.1-1.1.mga1.src.rpm
works with eog viewing .svg images on i586.

CC: (none) => davidwhodgins

Comment 2 Dave Hodgins 2011-09-09 23:29:31 CEST 
Still need an x86-64 test for this security update.

No poc, so just confirm it that svg images can be viewed, in for example eog.
Comment 3 claire robinson 2011-09-10 12:50:46 CEST 
Tested OK x86_64 with rsvg-view & eog

Update validated.



Advisory:
------------

This update has been issued to patch CVE-2011-3146

------------

Source RPM: librsvg-2.32.1-1.1.mga1.src.rpm

Could somebody from sysadmin please push from core/updates_testing to core/updates.


Thankyou!

Keywords: (none) => validated_update
CC: (none) => eeeemail, sysadmin-bugs

Samuel Verschelde 2011-09-12 14:33:06 CEST

Keywords: (none) => Security
CC: (none) => stormi

Comment 4 Michael Scherer 2011-09-12 17:16:58 CEST 
Done. But the changelog was a little bit too terse :/ 
( on the other hand, the gnome bug was not really clear ).

CC: (none) => misc

Comment 5 Michael Scherer 2011-09-12 17:17:14 CEST 
Of course, i forgot to close it .

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 6 David GEIGER 2011-09-12 19:07:33 CEST 
Hello,

Tested on Mageia release 1 (Official) for x86_64 with rsvg-view,it's OK for me too.

CC: (none) => geiger.david68210