Fedora has issued an advisory on December 8: https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html The issues are fixed in version 1.13: http://potrace.sourceforge.net/NEWS Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated potrace packages fix security vulnerabilities: Potrace before 1.13 has some critical bugs in the processing of BMP files. These bugs allowed the program to be crashed, or potentially to be abused in other ways, by feeding it specially crafted BMP files, due to heap overflow, null pointer dereference, and divide by zero issues. References: http://potrace.sourceforge.net/NEWS https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html ======================== Updated packages in core/updates_testing: ======================== potrace-1.13-1.mga5 libpotrace0-1.13-1.mga5 libpotrace-devel-1.13-1.mga5 from potrace-1.13-1.mga5.src.rpm Reproducible: Steps to Reproduce:
I don't know of PoC's for this one, but we had some when we tested a previous fix in Bug 15658. That might help for testing this time.
URL: (none) => http://lwn.net/Vulnerabilities/667321/
Whiteboard: (none) => has_procedure
Testing complete mga5 32 Used reproducers from previous update in bug 15658 and also converted a bmp to eps $ potrace -n 1.bmp potrace: 1.bmp: file format error: invalid bmp file $ potrace -n 2.bmp potrace: 2.bmp: Cannot allocate memory $ potrace -n 3.bmp potrace: 3.bmp: Cannot allocate memory $ potrace LOGO.bmp Outputs LOGO.eps which could be opened in inkscape.
Whiteboard: has_procedure => has_procedure mga5-32-ok
Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisory
Validating. Please push to 5 updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0474.html
Status: NEW => RESOLVEDResolution: (none) => FIXED