OpenSuSE has issued an advisory today (April 8): http://lists.opensuse.org/opensuse-updates/2015-04/msg00016.html Patch committed in Mageia 4 and Cauldron SVN. Freeze push requested for Cauldron. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA5TOO, MGA4TOO
Patched packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated potrace packages fix security vulnerability: Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow (CVE-2013-7437). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7437 http://lists.opensuse.org/opensuse-updates/2015-04/msg00016.html ======================== Updated packages in core/updates_testing: ======================== potrace-1.11-3.1.mga4 libpotrace0-1.11-3.1.mga4 libpotrace-devel-1.11-3.1.mga4 from potrace-1.11-3.1.mga4.src.rpm
Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
PoC info here: https://bugzilla.redhat.com/show_bug.cgi?id=955808
Tested with the 3 PoC's on the RedHat bug, just running "potrace n.bmp" where n was 1, 2, or 3. Before the update 1 said premature end of file, 2 segfaulted, and 3 aborted with a stack trace with an error with free(). After the update, 1 says invalid bmp file, and 2 and 3 say cannot allocate memory.
Whiteboard: (none) => has_procedure MGA4-32-OK
In VirtualBox, M4, KDE, 32-bit Download bmp files from: https://bugzilla.redhat.com/show_bug.cgi?id=955808 Package(s) under test: potrace libpotrace0 libpotrace-devel default install of potrace libpotrace0 libpotrace-devel [root@localhost wilcal]# urpmi potrace Package potrace-1.11-3.mga4.i586 is already installed [root@localhost wilcal]# urpmi libpotrace0 Package lib64potrace0-1.11-3.mga4.i586 is already installed [root@localhost wilcal]# urpmi libpotrace-devel Package lib64potrace-devel-1.11-3.mga4.i586 is already installed [wilcal@localhost Pictures]$ potrace -n 1.bmp potrace: warning: 1.bmp: premature end of file Generates eps files [wilcal@localhost Pictures]$ potrace -n 2.bmp potrace: warning: 2.bmp: premature end of file Segmentation fault [wilcal@localhost Pictures]$ potrace -n 3.bmp *** Error in `potrace': free(): invalid next size (fast): 0x085c4330 *** ======= Backtrace: =========.......... install potrace libpotrace0 libpotrace-devel from updates_testing [root@localhost Pictures]# urpmi potrace Package potrace-1.11-3.1.mga4.i586 is already installed [root@localhost Pictures]# urpmi libpotrace0 Package libpotrace0-1.11-3.1.mga4.i586 is already installed [root@localhost Pictures]# urpmi libpotrace-devel Package libpotrace-devel-1.11-3.1.mga4.i586 is already installed [wilcal@localhost Pictures]$ potrace -n 1.bmp potrace: 1.bmp: file format error: invalid bmp file [wilcal@localhost Pictures]$ potrace -n 2.bmp potrace: 2.bmp: Cannot allocate memory [wilcal@localhost Pictures]$ potrace -n 3.bmp potrace: 3.bmp: Cannot allocate memory Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit Download bmp files from: https://bugzilla.redhat.com/show_bug.cgi?id=955808 Package(s) under test: potrace lib64potrace0 lib64potrace-devel default install of potrace lib64potrace0 lib64potrace-devel [root@localhost wilcal]# urpmi potrace Package potrace-1.11-3.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64potrace0 Package lib64potrace0-1.11-3.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64potrace-devel Package lib64potrace-devel-1.11-3.mga4.x86_64 is already installed [wilcal@localhost Pictures]$ potrace -n 1.bmp potrace: warning: 1.bmp: premature end of file *** Error in `potrace': free(): invalid next size (fast): 0x0000000001d18580 *** ======= Backtrace: =========.... [wilcal@localhost Pictures]$ potrace -n 2.bmp potrace: warning: 2.bmp: premature end of file Segmentation fault [wilcal@localhost Pictures]$ potrace -n 3.bmp potrace: 3.bmp: Cannot allocate memory install potrace lib64potrace0 lib64potrace-devel from updates_testing [root@localhost wilcal]# urpmi potrace Package potrace-1.11-3.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64potrace0 Package lib64potrace0-1.11-3.1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi lib64potrace-devel Package lib64potrace-devel-1.11-3.1.mga4.x86_64 is already installed [wilcal@localhost Pictures]$ potrace 1.bmp potrace: 1.bmp: file format error: invalid bmp file [wilcal@localhost Pictures]$ potrace -n 2.bmp potrace: 2.bmp: Cannot allocate memory [wilcal@localhost Pictures]$ potrace 3.bmp potrace: 3.bmp: Cannot allocate memory Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
Looks fixed to me. What you say David?
Yes, please validate this. Thanks.
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK MGA4-64-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure MGA4-32-OK MGA4-64-OK => has_procedure MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0161.html
Status: NEW => RESOLVEDResolution: (none) => FIXED