| Summary: | gegl new security issue CVE-2012-4433 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | Normal | CC: | fundawang, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/524704/ | ||
| Whiteboard: | MGA1TOO, MGA2-64-OK, MGA1-32-OK, MGA1-64-OK, MGA1-32-OK | ||
| Source RPM: | gegl-0.2.0-6.mga3.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2012-11-14 00:25:56 CET
David Walser
2012-11-14 00:26:04 CET
Whiteboard: (none) => MGA2TOO, MGA1TOO

All three versions are affected.

I have checked the patches into SVN to fix this. It builds fine locally on Mageia 1 and Mageia 2. It does not build in Cauldron, with this seeming to be the problem: "unknown type name 'luaL_reg'" from:
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20121116215912.luigiwalser.valstar.23507/log/gegl-0.2.0-7.mga3/build.0.20121116220006.log

Funda, could you please look into this?

Priority: Normal => High

Thanks for fixing the Cauldron package Funda.

Priority: High => Normal

Patched package uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated gegl packages fix security vulnerability:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm (Portable Pixel Map) image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, potentially, execute arbitrary code (CVE-2012-4433).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4433
https://rhn.redhat.com/errata/RHSA-2012-1455.html
========================

Updated packages in core/updates_testing:
========================
gegl-0.1.2-3.1.mga1
libgegl0.1_0-0.1.2-3.1.mga1
libgegl0.1-devel-0.1.2-3.1.mga1
gegl-0.2.0-2.1.mga2
libgegl0.2_0-0.2.0-2.1.mga2
libgegl-devel-0.2.0-2.1.mga2

from SRPMS:
gegl-0.1.2-3.1.mga1.src.rpm
gegl-0.2.0-2.1.mga2.src.rpm

CC: (none) => fundawang

No public PoC found and I really have no clue how to test. Tested on the CLI and converted pictures from png to ppm and ppm to png (e.g. # gegl gegl.png -o gegl.ppm) and played around with the gegl plugin in GIMP. Everything works fine. Are there any more specific tests needed or known?

CC: (none) => marc.lattemann

If you could reverse your command line test and make it use a PPM file as input, that will hit the affected code, so that would be good.

Did both ways, but I do not have a prepared ppm file for testing the overflow. So tested successfully on mga2 64bit. Will proceed testing the other versions.

Whiteboard: MGA1TOO => MGA1TOO, MGA2-64-OK

Same tests performed for mga2 i586 and mga1 x86_64. But no gegl package found in Core_Update_testing for mga1 i586?

[root@localhost urpmi]# LC_ALL=C urpmi gegl
Package gegl-0.1.2-3.mga1.i586 is already installed
[root@localhost urpmi]# LC_ALL=C urpmi --media 'Core Updates Testing (distrib5)' gegl
No package named gegl

According to Sophie the package is there.

[20:05] <Latte> :v gegl -r 1
[20:05] <Sophie> Latte: 0.1.2-3.1.mga1 // core-updates_testing (Mga, 1, i586)
[20:05] <Sophie> Latte: 0.1.2-3.mga1 // core-release (Mga, 1, i586)

What am I doing wrong?

Whiteboard: MGA1TOO, MGA2-64-OK => MGA1TOO, MGA2-64-OK, MGA1-32-OK, MGA1-64-OK

I don't know, but I see it here:
http://mageia.c3sl.ufpr.br/distrib/1/i586/media/core/updates_testing/gegl-0.1.2-3.1.mga1.i586.rpm

Maybe you forgot to update media hdlists...

urpmi.update "core updates testing"

CC: (none) => tmb

I don't know (I always use 'urpmi.update -a' after activating testing repos) - some servers don't seem to be up to date. However, using the server David mentioned I could install gegl from updates_testing and everything is working on mga1 i586 as well.

Validating update: please use advisory from Comment 3

Can sysadmin push package to updates?

Thanks.

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0335

Status: NEW => RESOLVED
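
The advisory in this report describes an integer overflow in .ppm processing that leads to a heap-based buffer overflow. As an added example (not gegl's code and not the patch shipped in these packages), the C below shows the defensive pattern for that bug class: header-declared dimensions are range-checked and the allocation size is computed with division-based overflow checks. The names `ppm_field` and `ppm_buffer_size` and the sample header are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Read one decimal header field, skipping whitespace and '#' comments.
   Returns 0 on success, -1 on malformed input or a value above SIZE_MAX. */
static int ppm_field(const char **p, size_t *out)
{
    const char *s = *p;
    size_t v = 0;
    for (;;) {
        while (isspace((unsigned char)*s)) s++;
        if (*s != '#') break;
        while (*s && *s != '\n') s++;
    }
    if (!isdigit((unsigned char)*s)) return -1;
    while (isdigit((unsigned char)*s)) {
        size_t d = (size_t)(*s++ - '0');
        if (v > (SIZE_MAX - d) / 10) return -1;   /* v*10+d would wrap */
        v = v * 10 + d;
    }
    *p = s;
    *out = v;
    return 0;
}

/* Validate a P6 header (NUL-terminated) and compute the pixel buffer size.
   Returns 0 and sets *nbytes, or -1. Hypothetical helper, not a gegl function. */
int ppm_buffer_size(const char *hdr, size_t *nbytes)
{
    size_t w, h, maxval, bpc;
    if (hdr[0] != 'P' || hdr[1] != '6') return -1;
    hdr += 2;
    if (ppm_field(&hdr, &w) || ppm_field(&hdr, &h) || ppm_field(&hdr, &maxval))
        return -1;
    if (w == 0 || h == 0 || maxval == 0 || maxval > 65535) return -1;
    bpc = maxval < 256 ? 1 : 2;               /* bytes per channel */
    /* Check by division: w*h*3*bpc must not wrap before it reaches malloc(). */
    if (w > SIZE_MAX / h || w * h > SIZE_MAX / (3 * bpc)) return -1;
    *nbytes = w * h * 3 * bpc;
    return 0;
}

int main(void)
{
    size_t n = 0;   /* constructed sample header: 4x2 pixels, 8-bit channels */
    printf("%d\n", ppm_buffer_size("P6\n# constructed\n4 2\n255\n", &n));
    return n == 24 ? 0 : 1;
}
```

A loader that multiplies width, height and channel size without these checks can allocate a buffer far smaller than the pixel data it then reads, which is the crash scenario the advisory describes.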