I have uploaded a patched eom package for Mageia 5.

You can test this by:
1. Install gtk+2.0-2.24.26-3.mga5 from core/updates_testing, which is also fixed, to ensure that it is not a gtk+2.0 issue.
2. Install eom if it isn't installed.
3. Download the archive which contains a large image file from: https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811/+attachment/4561945/+files/image.tar
4. Unpack it and open the unpacked image (27000_27000_1437947845.png) in eom.
5. eom hangs and crashes.

After installing the patched eom package this error should not occur.

Suggested advisory:
========================

Updated eom packages fix security vulnerability:

Due to a logic error, an attempt to allocate a large block of memory fails in gdk_cairo_set_source_pixbuf, leading to a crash of eom (CVE-2013-7447).

References:
https://github.com/mate-desktop/eom/issues/93
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
https://bugzilla.gnome.org/show_bug.cgi?id=703220
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
http://openwall.com/lists/oss-security/2016/02/10/2
https://bugs.mageia.org/show_bug.cgi?id=17731
========================

Updated packages in core/updates_testing:
========================
eom-1.8.1-2.1.mga5
eom-devel-1.8.1-2.1.mga5

Source RPMs:
========================
eom-1.8.1-2.1.mga5.src.rpm
Blocks: (none) => 17731
Source RPM: eom-1.8.1-2.mat6 => eom-1.8.1-2.mga5
Severity: critical => major
mga5 x86_64 Mate

Installed eom-1.8.1-2.1 after the gtk2 update in bug #17738. Ran eom on the same files as used in the bug #17738 test and all displayed correctly, including the 27000x27000 PNG image.

Installed eom-devel-1.8.1-2.1 after the fact because I had forgotten to install it beforehand.

# urpmi --search-media "Updates Testing" eom-devel
CC: (none) => tarazed25
Whiteboard: (none) => has_procedure MGA5-64-OK
mga5 i586 in virtualbox, Mate

eom had already been tested against the updated gtk+2.0. Updated eom to eom-1.8.1-2.1 and repeated the image display tests. The very large PNG image displayed at 4%x4% of its actual size. Displayed several images of different sizes: PNG, JPEG and SVG.

Switched to KDE4 to make sure that, as a Mate tool, the update is desktop-agnostic. The tests all ran fine but eom picked out a corrupt JPEG in my icons folder. It objected to AngryGuyInABunnySuit.jpg because the header starts with four zero bytes. identify also reports this but gqview ignores the problem and displays the icon anyway.

$ file AngryGuyInBunnySuit.jpg
AngryGuyInBunnySuit.jpg: MS Windows icon resource - 1 icon, 32x32

eog traps this as well.

This update can be pushed to Mageia 5 Updates.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK MGA5-32-OK
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure advisory MGA5-64-OK MGA5-32-OK
URL: (none) => http://lwn.net/Vulnerabilities/675834/
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0070.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
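Why the 27000x27000 test image from the procedure in the first comment is a useful trigger, as an added example that is not code from this bug report, from eom or from GTK+. It assumes a 4-byte-per-pixel surface and that the failing allocation size was computed in 32-bit signed arithmetic; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u /* assumption: 32-bit ARGB surface */

/* "Before" pattern: buffer size computed and stored in 32 bits.
 * The multiply is done unsigned (well defined in C); the cast shows what a
 * signed 32-bit size variable ends up holding on common compilers. */
static int32_t naive_size(uint32_t width, uint32_t height)
{
    uint32_t stride = width * BYTES_PER_PIXEL;
    return (int32_t)(stride * height);
}

/* Hardened pattern: compute in size_t and refuse any product that would wrap.
 * Returns 0 and stores the byte count in *out, or -1 if it cannot be represented. */
static int checked_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > SIZE_MAX / BYTES_PER_PIXEL)
        return -1;
    size_t stride = (size_t)width * BYTES_PER_PIXEL;
    if (height > SIZE_MAX / stride)
        return -1;
    *out = stride * height;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Dimensions of the test image named in the procedure. */
    printf("naive:   %d bytes\n", (int)naive_size(27000, 27000));
    if (checked_size(27000, 27000, &n) == 0)
        printf("checked: %zu bytes\n", n);
    /* Constructed extreme input: must be rejected, not wrapped. */
    if (checked_size(UINT32_MAX, UINT32_MAX, &n) != 0)
        printf("checked: oversized request rejected\n");
    return 0;
}
```

The image needs 2,916,000,000 bytes, which is above the 32-bit signed maximum of 2,147,483,647 but still fits in size_t, matching the testers' reports that the patched package displays it.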