| Summary: | t1lib new security issues CVE-2011-0433 and CVE-2011-155[2-4] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, fundawang, geiger.david68210, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | t1lib-5.1.2-9.2.mga1 | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-01-12 19:48:44 CET
David Walser
2012-01-12 19:51:49 CET
CC:
(none) =>
balcaen.john
Manuel Hiebel
2012-01-14 13:31:56 CET
CC:
(none) =>
fundawang Thanks funda so reassign to the QA CC:
balcaen.john =>
(none) The new version for the srpm is t1lib-5.1.2-9.3.mga1.src.rpm CC:
(none) =>
geiger.david68210 Testing complete on i586 for the srpm t1lib-5.1.2-9.3.mga1.src.rpm Testing using abiword to display a document. CC:
(none) =>
davidwhodgins (In reply to comment #3) > The new version for the srpm is t1lib-5.1.2-9.3.mga1.src.rpm David Geiger, did you test on x86_64? Advisory: ======================== Updated t1lib packages fix security vulnerabilities: A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than CVE-2010-2642 (CVE-2011-0433). t1lib 5.1.2 and earlier reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764 (CVE-2011-1552). Use-after-free vulnerability in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764 (CVE-2011-1553). Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764 (CVE-2011-1554). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554 https://bugzilla.redhat.com/show_bug.cgi?id=679732 http://www.toucan-system.com/advisories/tssa-2011-01.txt http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:004 ======================== Updated packages in core/updates_testing: ======================== libt1lib-devel-5.1.2-9.3.mga1.i586.rpm libt1lib-static-devel-5.1.2-9.3.mga1.i586.rpm libt1lib5-5.1.2-9.3.mga1.i586.rpm t1lib-config-5.1.2-9.3.mga1.i586.rpm t1lib-progs-5.1.2-9.3.mga1.i586.rpm from t1lib-5.1.2-9.3.mga1.src.rpm Testing complete for the srpm t1lib-5.1.2-9.3.mga1.src.rpm on Mageia release 1 (Official) for x86_64 ,works for me. For test: Create a file with AbiWord and with several Type 1 fonts ,then I opened the document with Xpdf, Okular, and Adobe Reader 9 ,it's Ok. Validating. Advisory in Comment 6. Could sysadmin please push from core/updates_testing to core/updates Thank you! Keywords:
(none) =>
validated_update update pushed Status:
ASSIGNED =>
RESOLVED |