OpenSuSE has issued an advisory today (June 19):
http://lists.opensuse.org/opensuse-updates/2013-06/msg00168.html

Mageia 2 and Mageia 3 are also affected.
CC: (none) => fundawang
Whiteboard: (none) => MGA3TOO, MGA2TOO
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated autotrace packages fix security vulnerability:

Stack-based buffer overflow in bmp parser (CVE-2013-1953).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1953
http://lists.opensuse.org/opensuse-updates/2013-06/msg00168.html
========================

Updated packages in core/updates_testing:
========================
autotrace-0.31.1-34.1.mga2
libautotrace3-0.31.1-34.1.mga2
libautotrace-devel-0.31.1-34.1.mga2
autotrace-0.31.1-37.1.mga3
libautotrace3-0.31.1-37.1.mga3
libautotrace-devel-0.31.1-37.1.mga3

from SRPMS:
autotrace-0.31.1-34.1.mga2.src.rpm
autotrace-0.31.1-37.1.mga3.src.rpm
CC: (none) => thomas
Version: Cauldron => 3
Assignee: thomas => qa-bugs
Whiteboard: MGA3TOO, MGA2TOO => MGA2TOO
Tested on MGA3 32

urpmi autotrace 0.31.1-37.mga3

Ran command autotrace
autotrace -input-format BMP test5.bmp -output-file test5.svg
Created new file test5.svg

$MIRRORLIST: media/core/updates_testing/autotrace-0.31.1-37.1.mga3.i586.rpm
installing autotrace-0.31.1-37.1.mga3.i586.rpm from /var/cache/urpmi/rpms
Preparing... ############################################
1/1: autotrace ############################################
1/1: removing autotrace-0.31.1-37.mga3.i586

To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Updates Testing")
autotrace 0.31.1 37.1.mga3 i586
libautotrace3 0.31.1 37.1.mga3 i586

"NOTE libautotrace-devel-0.31.1-37.1.mga3.i586 had to be installed separately, is this correct?"

sudo urpmi --media 'Core Updates Testing' libautotrace-devel-0.31.1-37.1.mga3
A requested package cannot be installed:
libautotrace-devel-0.31.1-37.1.mga3.i586 (due to unsatisfied devel(libm))
Continue installation anyway? (Y/n)

Rerun same test, created test5.svg
CC: (none) => martynvidler
Whiteboard: MGA2TOO => MGA2TOO MGA3-32-ok
Tested MGA2 32 Completed as comment 2 Same results ok
Whiteboard: MGA2TOO MGA3-32-ok => MGA2TOO MGA3-32-ok MGA2-32-ok
MGA3 64 installed autotrace 0.31.1-37.mga3

Updated
rsync://www.mirrorservice.org/mageia.org/pub/mageia/distrib/3/x86_64/media/core/updates_testing/autotrace-0.31.1-37.1.mga3.x86_64.rpm
installing autotrace-0.31.1-37.1.mga3.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... #############################################
1/1: autotrace #############################################
1/1: removing autotrace-0.31.1-37.mga3.x86_64

sudo urpmi --media 'Core Updates Testing' libautotrace3-0.31.1.37.1.mga3
No package named libautotrace3-0.31.1.37.1.mga3

sudo urpmi --media 'Core Updates Testing' libautotrace-devel-0.31.1.37.mga3
No package named libautotrace-devel-0.31.1.37.mga3
The libs will be named lib64... rather than lib... on x86_64
Thanks Claire.

Tested MGA3 64 and MGA2 64. Repeated above test. Both 64-bit arches passed.

Validating for update.
Whiteboard: MGA2TOO MGA3-32-ok MGA2-32-ok => MGA2TOO MGA3-32-ok MGA2-32-ok MGA2-64-ok MGA3-64-ok
http://svnweb.mageia.org/advisories/10566.adv?view=markup&sortby=date has been uploaded. Could someone from the sysadmin team push 10566.adv
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0195.html
Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED
CC: boklm => (none)