Bug 11874 - pixman new security issue CVE-2013-6425
Summary: pixman new security issue CVE-2013-6425
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 3
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/575643/
Whiteboard: advisory MGA3-64-OK MGA3-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-12-04 19:38 CET by David Walser
Modified: 2013-12-10 00:45 CET (History)
4 users (show)

See Also:
Source RPM: pixman-0.28.2-2.mga3.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2013-12-04 19:38:19 CET
Ubuntu has issued an advisory on December 3:
http://www.ubuntu.com/usn/usn-2047-1/

A CVE was requested and granted for this issue:
http://openwall.com/lists/oss-security/2013/12/04/8

The issue is already fixed upstream in the pixman version in Cauldron.

Note to QA: there's a PoC in the launchpad bug.  Beware, it crashes the X server.

Advisory:
========================

Updated pixman packages fix security vulnerability:

Bryan Quigley discovered an integer underflow in pixman. If a user were
tricked into opening a specially crafted file, an attacker could cause a
denial of service via application crash (CVE-2013-6425).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425
http://openwall.com/lists/oss-security/2013/12/04/8
http://www.ubuntu.com/usn/usn-2047-1/
========================

Updated packages in core/updates_testing:
========================
libpixman1_0-0.28.2-2.1.mga3
libpixman-devel-0.28.2-2.1.mga3

from pixman-0.28.2-2.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-12-04 19:40:13 CET
CC'ing Thierry.  Thierry, please have a look at this also, since there's also CVE-2013-6424 for Xorg and patches for that.  Here's the oss-sec thread:
http://openwall.com/lists/oss-security/2013/12/04/8

The Launchpad bug has more info which may be of interest as well:
https://launchpad.net/bugs/1197921

CC: (none) => thierry.vignaud
Version: Cauldron => 3

Comment 2 Dave Hodgins 2013-12-05 18:03:55 CET
Poc file available at
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1197921/+attachment/3748789/+files/plantage-mai-only-empty.ods

Advisory 11874.adv committed to svn.

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 3 Dave Hodgins 2013-12-05 19:38:39 CET
Testing complete on Mageia 3 i586 and x86_64. Validating the update.

Someone from the sysadmin team please push 11874.adv to updates.

Keywords: (none) => validated_update
Whiteboard: advisory => advisory MGA3-64-OK MGA3-32-OK
CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2013-12-06 23:05:23 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0366.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 5 David Walser 2013-12-10 00:45:14 CET
LWN has posted the reference for this, with a new page since the Ubuntu one didn't list a CVE.  I let them know and imagine they'll combine them soon:
http://lwn.net/Vulnerabilities/576267/

Note You need to log in before you can comment on or make changes to this bug.