CVEs were requested for two more heap overflow issues in gdk-pixbuf2.0:
http://openwall.com/lists/oss-security/2015/10/01/3
http://openwall.com/lists/oss-security/2015/10/01/4

However, I'm not sure that two requests were appropriate, because they may be the same issue. The only commit between 2.32.0 and 2.32.1 (where they say the issues were fixed) that could be relevant is this one:
https://git.gnome.org/browse/gdk-pixbuf/commit/?h=gdk-pixbuf-2-32&id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa

The other commits are translation and build system updates, as well as dropping support for a few image formats.

Anyway, 2.31.x was the development branch that led up to the stable 2.32 branch, so I've updated both Mageia 5 and Cauldron to 2.32.1.

Advisory to come later pending the results of the CVE requests. Something's wrong with the build system right now too, so I'll assign this to QA after it actually builds.
The requests were clarified. The commit I identified fixes the second issue with gif files. The first issue with tga files was actually fixed in 2.32.0 with a few commits, so this update was necessary to pull those fixes in:
http://openwall.com/lists/oss-security/2015/10/01/6
http://openwall.com/lists/oss-security/2015/10/01/7

Advisory pending CVE requests.

Advisory:
========================

Updated gdk-pixbuf packages fix security vulnerabilities:

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash.

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.1. This issue is triggered by the scaling of a malformed gif format image.

References:
http://openwall.com/lists/oss-security/2015/10/01/3
http://openwall.com/lists/oss-security/2015/10/01/4
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.32.1-1.mga5
libgdk_pixbuf2.0_0-2.32.1-1.mga5
libgdk_pixbuf2.0-devel-2.32.1-1.mga5
libgdk_pixbuf-gir2.0-2.32.1-1.mga5

from gdk-pixbuf2.0-2.32.1-1.mga5.src.rpm
Assignee: bugsquad => qa-bugs
Working fine Mageia 5 i586. Searched for bunnies in Google Image Search :o)
Whiteboard: (none) => has_procedure MGA5-32-OK
CVE assignments:
http://openwall.com/lists/oss-security/2015/10/02/9
http://openwall.com/lists/oss-security/2015/10/02/10

Advisory:
========================

Updated gdk-pixbuf packages fix security vulnerabilities:

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.0. This issue is triggered by the scaling of a malformed tga format image and results in a potentially exploitable crash (CVE-2015-7673).

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf before 2.32.1. This issue is triggered by the scaling of a malformed gif format image (CVE-2015-7674).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674
http://openwall.com/lists/oss-security/2015/10/02/9
http://openwall.com/lists/oss-security/2015/10/02/10
Summary: gdk-pixbuf2.0 more heap overflow issues => gdk-pixbuf2.0 more heap overflow issues (CVE-2015-7673, CVE-2015-7674)
mga5 x86_64

Installed packages:
lib64gdk_pixbuf-gir2.0-2.32.1-1.mga5.x86_64.rpm
lib64gdk_pixbuf2.0_0-2.32.1-1.mga5.x86_64.rpm
lib64gdk_pixbuf2.0-devel-2.32.1-1.mga5.x86_64.rpm
gdk-pixbuf2.0-2.32.1-1.mga5.x86_64.rpm

Bunnies look fine. Update OK.
Whiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK MGA5-64-OK
CC: (none) => yann.cantin
Bunnies ftw \o/ Validating. Advisory uploaded. Please push to 5 updates. Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0388.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
FYI, we have some actual PoCs now: http://seclists.org/oss-sec/2015/q4/31 http://seclists.org/oss-sec/2015/q4/32
URL: (none) => http://lwn.net/Vulnerabilities/659284/