11874 – pixman new security issue CVE-2013-6425

Bug 11874 - pixman new security issue CVE-2013-6425

Summary: pixman new security issue CVE-2013-6425

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/575643/
Whiteboard:	advisory MGA3-64-OK MGA3-32-OK
Keywords:	validated_update

Depends on:
Blocks:

Reported:	2013-12-04 19:38 CET by David Walser
Modified:	2013-12-10 00:45 CET (History)
CC List:	4 users (show)

See Also:
Source RPM:	pixman-0.28.2-2.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-12-04 19:38:19 CET

Ubuntu has issued an advisory on December 3:
http://www.ubuntu.com/usn/usn-2047-1/

A CVE was requested and granted for this issue:
http://openwall.com/lists/oss-security/2013/12/04/8

The issue is already fixed upstream in the pixman version in Cauldron.

Note to QA: there's a PoC in the launchpad bug.  Beware, it crashes the X server.

Advisory:
========================

Updated pixman packages fix security vulnerability:

Bryan Quigley discovered an integer underflow in pixman. If a user were
tricked into opening a specially crafted file, an attacker could cause a
denial of service via application crash (CVE-2013-6425).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425
http://openwall.com/lists/oss-security/2013/12/04/8
http://www.ubuntu.com/usn/usn-2047-1/
========================

Updated packages in core/updates_testing:
========================
libpixman1_0-0.28.2-2.1.mga3
libpixman-devel-0.28.2-2.1.mga3

from pixman-0.28.2-2.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2013-12-04 19:40:13 CET

CC'ing Thierry.  Thierry, please have a look at this also, since there's also CVE-2013-6424 for Xorg and patches for that.  Here's the oss-sec thread:
http://openwall.com/lists/oss-security/2013/12/04/8

The Launchpad bug has more info which may be of interest as well:
https://launchpad.net/bugs/1197921

CC: (none) => thierry.vignaud
Version: Cauldron => 3

Comment 2 Dave Hodgins 2013-12-05 18:03:55 CET

Poc file available at
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/+attachment/3748789/+files/plantage-mai-only-empty.ods

Advisory 11874.adv committed to svn.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Dave Hodgins 2013-12-05 19:38:39 CET

Testing complete on Mageia 3 i586 and x86_64. Validating the update.

Someone from the sysadmin team please push 11874.adv to updates.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2013-12-06 23:05:23 CET

Update pushed:
http://advisories.mageia.org/MGASA-2013-0366.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 5 David Walser 2013-12-10 00:45:14 CET

LWN has posted the reference for this, with a new page since the Ubuntu one didn't list a CVE.  I let them know and imagine they'll combine them soon:
http://lwn.net/Vulnerabilities/576267/

Note You need to log in before you can comment on or make changes to this bug.