Bug 17317 - potrace new security issues fixed upstream in 1.13
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/667321/
Whiteboard: has_procedure mga5-32-ok advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-12-09 16:47 CET by David Walser
Modified: 2015-12-16 22:01 CET

See Also:
Source RPM: potrace-1.11-7.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2015-12-09 16:47:13 CET
Fedora has issued an advisory on December 8:
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html

The issues are fixed in version 1.13:
http://potrace.sourceforge.net/NEWS

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated potrace packages fix security vulnerabilities:

Potrace before 1.13 has some critical bugs in the processing of BMP files.
These bugs allowed the program to be crashed, or potentially to be abused in
other ways, by feeding it specially crafted BMP files, due to heap overflow,
null pointer dereference, and divide by zero issues.

References:
http://potrace.sourceforge.net/NEWS
https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173441.html
========================

Updated packages in core/updates_testing:
========================
potrace-1.13-1.mga5
libpotrace0-1.13-1.mga5
libpotrace-devel-1.13-1.mga5

from potrace-1.13-1.mga5.src.rpm

Comment 1 David Walser 2015-12-09 16:48:03 CET
I don't know of PoCs for this one, but we had some when we tested a previous fix in Bug 15658. That might help for testing this time.
David Walser 2015-12-09 18:42:09 CET

URL: (none) => http://lwn.net/Vulnerabilities/667321/

claire robinson 2015-12-10 22:33:16 CET

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-12-14 18:26:14 CET
Testing complete mga5 32

Used reproducers from previous update in bug 15658 and also converted a bmp to eps

$ potrace -n 1.bmp 
potrace: 1.bmp: file format error: invalid bmp file
$ potrace -n 2.bmp 
potrace: 2.bmp: Cannot allocate memory
$ potrace -n 3.bmp 
potrace: 3.bmp: Cannot allocate memory

$ potrace LOGO.bmp

Outputs LOGO.eps which could be opened in inkscape.

Whiteboard: has_procedure => has_procedure mga5-32-ok
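
The manual check in Comment 2 can be scripted so that a crash is told apart from a clean rejection. This is an added example, not part of the Mageia QA procedure: the function names and the POTRACE variable are hypothetical, and it assumes the usual shell convention that an exit status above 128 means the process was killed by a signal (for example SIGSEGV or SIGFPE).

```shell
#!/bin/sh
# Added example (hypothetical harness, not from the bug report).
# Runs "potrace -n" on each BMP given and reports whether the file was
# converted, rejected with an error message, or made the program crash.
POTRACE=${POTRACE:-potrace}   # assumption: override to test another build

# classify_status STATUS -> prints "ok", "rejected" or "crashed"
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok            # file was processed
    elif [ "$1" -gt 128 ]; then
        echo crashed       # killed by a signal: the bug class in the advisory
    else
        echo rejected      # clean error exit, e.g. "invalid bmp file"
    fi
}

# check_bmps FILE... -> prints one line per file, returns 1 if any crashed
check_bmps() {
    crashed=0
    for f in "$@"; do
        status=0
        msg=$("$POTRACE" -n "$f" 2>&1) || status=$?
        verdict=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "$verdict" "$f" "$msg"
        if [ "$verdict" = crashed ]; then
            crashed=1
        fi
    done
    return "$crashed"
}

# Run directly as: sh check.sh 1.bmp 2.bmp 3.bmp
if [ "$#" -gt 0 ]; then
    check_bmps "$@"
fi
```

With the fixed packages, the three reproducers above would be reported as rejected and LOGO.bmp as ok.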

Rémi Verschelde 2015-12-15 07:34:19 CET

Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisory

Comment 3 claire robinson 2015-12-16 16:10:00 CET
Validating.

Please push to 5 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-12-16 22:01:58 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0474.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

