Bug 19666 - cairo new security issue CVE-2016-9082
Summary: cairo new security issue CVE-2016-9082
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/705119/
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-10-27 14:12 CEST by David Walser
Modified: 2017-07-13 11:24 CEST (History)
5 users (show)

See Also:
Source RPM: cairo-1.14.6-3.mga6.src.rpm
CVE: CVE-2016-9082
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-10-27 14:12:53 CEST 
A CVE has been assigned for a security issue in cairo:
http://openwall.com/lists/oss-security/2016/10/27/2

A patch has been proposed upstream and is linked from the message above.
David Walser 2016-10-27 14:13:33 CEST

Whiteboard: (none) => MGA5TOO

Comment 1 Marja Van Waes 2016-10-27 18:39:28 CEST 
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => shlomif

Comment 2 David Walser 2016-10-31 20:17:09 CET 
Debian-LTS has issued an advisory for this on October 28:
http://lwn.net/Alerts/705059/

URL: (none) => http://lwn.net/Vulnerabilities/705119/

Nicolas Lécureuil 2017-04-27 13:35:42 CEST

CVE: (none) => CVE-2016-9082
CC: (none) => mageia

Nicolas Lécureuil 2017-04-27 13:54:05 CEST

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 3 Nicolas Lécureuil 2017-04-27 13:54:15 CEST 
fixed in cauldron
Comment 4 David Walser 2017-07-09 02:45:48 CEST 
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated cairo packages fix security vulnerability:

It was discovered that there was a possible DoS attack in Cairo. An SVG could
generate invalid pointers from a _cairo_image_surface in write_png
(CVE-2016-9082).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9082
https://lwn.net/Alerts/705059/
========================

Updated packages in core/updates_testing:
========================
libcairo2-1.14.0-1.1.mga5
libcairo-devel-1.14.0-1.1.mga5
libcairo-static-devel-1.14.0-1.1.mga5

from cairo-1.14.0-1.1.mga5.src.rpm

Assignee: shlomif => qa-bugs

Comment 5 Brian Rockwell 2017-07-10 01:09:33 CEST 
$ uname -a
Linux localhost.localdomain 4.4.74-desktop-1.mga5 #1 SMP Mon Jun 26 08:33:18 UTC 2017 i686 i686 i686 GNU/Linux


I installed the library plus inkscape.  Inkscape seems to be working as designed.
Comment 6 Brian Rockwell 2017-07-10 01:09:33 CEST 
$ uname -a
Linux localhost.localdomain 4.4.74-desktop-1.mga5 #1 SMP Mon Jun 26 08:33:18 UTC 2017 i686 i686 i686 GNU/Linux


I installed the library plus inkscape.  Inkscape seems to be working as designed.

CC: (none) => brtians1

Comment 7 Brian Rockwell 2017-07-10 01:09:56 CEST 
$ uname -a
Linux localhost.localdomain 4.4.74-desktop-1.mga5 #1 SMP Mon Jun 26 08:33:18 UTC 2017 i686 i686 i686 GNU/Linux


I installed the library plus inkscape.  Inkscape seems to be working as designed.
Comment 8 Dave Hodgins 2017-07-13 04:49:40 CEST 
[dave@i5v ~]$ strace -f -ostrace.txt gpaint-2 /var/lib/mageia/kde4-profiles/Default/share/icons/oxygen/128x128/places/mgabutton.png
[dave@i5v ~]$ grep cairo.so strace.txt 
5342  open("/lib/libcairo.so.2", O_RDONLY|O_CLOEXEC) = 3

[dave@x5v ~]$ strace -f -ostrace.txt gpaint-2 /var/lib/mageia/kde4-profiles/Default/share/icons/oxygen/128x128/places/mgabutton.png
[dave@x5v ~]$ grep cairo.so strace.txt 
5246  open("/lib64/libcairo.so.2", O_RDONLY|O_CLOEXEC) = 3

Validating the update.

Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 9 Mageia Robot 2017-07-13 11:24:15 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0205.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.