| Summary: | cairo new security issue CVE-2017-9814 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | cairo-1.16.0-6.1.mga8.src.rpm | CVE: | CVE-2017-9814 |
| Status comment: | | | |
Description
David Walser
2022-05-11 20:08:47 CEST
David Walser
2022-05-11 20:09:01 CEST
Whiteboard: (none) => MGA8TOO

This is maintained by different people, so assigning the update globally.

Assignee: bugsquad => pkg-bugs

Hi,

In fact, that CVE was already fixed in version 1.16.0. See: bug 26981, comment 3.

Best regards,

Nico.

CC: (none) => nicolas.salguero

No, that's not true. See here:
https://ubuntu.com/security/CVE-2017-9814
https://gitlab.freedesktop.org/cairo/cairo/-/issues/264

The issue wasn't fully fixed until the middle of last year. 1.16.0 was much longer ago.

Suggested advisory:

========================

The updated packages fix a security vulnerability:

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. (CVE-2017-9814)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9814
https://ubuntu.com/security/notices/USN-5407-1

========================

Updated packages in core/updates_testing:

========================

lib(64)cairo2-1.16.0-6.2.mga8
lib(64)cairo-devel-1.16.0-6.2.mga8
lib(64)cairo-static-devel-1.16.0-6.2.mga8

from SRPM:
cairo-1.16.0-6.2.mga8.src.rpm

Status: NEW => ASSIGNED

mga8, x64

$ rpm -q lib64cairo2
lib64cairo2-1.16.0-6.1.mga8

PoC at https://bugs.freedesktop.org/show_bug.cgi?id=101547 but noting comments 2 and 3 no expectation of trouble. And there is not.

$ hb-view 1.ttf "Sixteen tons and whadyaget?"
$
$ strace -o atril.trace atril PoC.pdf
<displays a page containing a meaningful string>
$ grep cairo atril.trace
openat(AT_FDCWD, "/lib64/libcairo.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libpangocairo-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libcairo-gobject.so.2", O_RDONLY|O_CLOEXEC) = 3

After updating:

$ atril AN_2022_January.pdf
Oops, secure memory pool already initialized !
SyncTeX Error : No file?
Oops, secure memory pool already initialized
<Browsed pages OK - images displayed fine>

The "Oops" messages seem to be standard here. However, the command line reported a bug:

*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug

$ atril BashPocketReference.pdf
<Oops messages>

Clean exit, which implies that the data may have been at fault in the first case.

The main library is used by at least 478 applications (excluding libraries). No regressions apparent so this can go out.

CC: (none) => tarazed25
Len Lawrence
2022-05-13 19:20:21 CEST
Whiteboard: (none) => MGA8-64-OK

(In reply to Len Lawrence from comment #5)
> $ hb-view 1.ttf "Sixteen tons and whadyaget?"

Another day older and deeper in debt :D
Thomas Andrews
2022-05-14 04:46:55 CEST
CC: (none) => sysadmin-bugs
Dave Hodgins
2022-05-15 00:45:32 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0186.html

Status: ASSIGNED => RESOLVED