Bug 9198

Summary: pixman new security issue CVE-2013-1591
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/540269/
Whiteboard: MGA2-64-OK MGA2-32-OK
Source RPM: pixman-0.24.4-1.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-02-27 19:20:00 CET 
Fedora has issued an advisory on February 14:
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html

Cauldron is not affected as it was fixed upstream.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated pixman packages fix security vulnerability:

Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html
========================

Updated packages in core/updates_testing:
========================
libpixman1_0-0.24.4-1.1.mga2
libpixman-devel-0.24.4-1.1.mga2

from pixman-0.24.4-1.1.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 Dave Hodgins 2013-02-28 05:12:04 CET 
Testing complete on Mageia 2 i586 and x86_64.

No poc, so just testing that firefox is working ok, with strace
confirming the library is being used.

Could someone from the sysadmin team push the srpm
pixman-0.24.4-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated pixman packages fix security vulnerability:

Stack-based buffer overflow in libpixman has unspecified impact and attack vectors (CVE-2013-1591).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099334.html

https://bugs.mageia.org/show_bug.cgi?id=9198

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 2 Thomas Backlund 2013-03-01 22:25:27 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED