http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4259
Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.
Exploit: http://www.securityfocus.com/bid/45162/exploit
Patch from Red Hat Bugzilla: https://bugzilla.redhat.com/attachment.cgi?id=464658
https://bugzilla.redhat.com/show_bug.cgi?id=659359
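
The bug class named in the report above, shown from the fixing side as an added example (this is not FontForge's code and not the Red Hat patch): a reader for the BDF `CHARSET_REGISTRY` property that checks the value length before copying it into a fixed-size buffer. `REG_MAX`, the function names, the status codes and the sample header are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REG_MAX 64 /* assumed buffer size, not FontForge's actual value */
enum { REG_OK = 0, REG_ABSENT = -1, REG_TOO_LONG = -2, REG_MALFORMED = -3 };

/* Copy the quoted value of one CHARSET_REGISTRY line into out. The length is
 * checked before the copy, so an oversized value is rejected instead of
 * being written past the end of a fixed-size stack buffer. */
static int read_charset_registry(const char *line, char *out, size_t outsz)
{
    static const char key[] = "CHARSET_REGISTRY";
    size_t klen = sizeof key - 1, n;
    const char *p;

    if (strncmp(line, key, klen) != 0 || (line[klen] != ' ' && line[klen] != '\t'))
        return REG_ABSENT;             /* some other header or property line */
    p = line + klen + strspn(line + klen, " \t");
    if (*p != '"')
        return REG_MALFORMED;          /* value is not a quoted string */
    p++;
    n = strcspn(p, "\"\r\n");          /* value length, bounded to this line */
    if (p[n] != '"')
        return REG_MALFORMED;          /* unterminated string */
    if (n >= outsz)
        return REG_TOO_LONG;           /* would not fit together with its NUL */
    memcpy(out, p, n);
    out[n] = '\0';
    return REG_OK;
}

/* Walk an in-memory BDF header line by line; return the status of the first
 * CHARSET_REGISTRY property found, or REG_ABSENT if there is none. */
static int scan_bdf_header(const char *bdf, char *out, size_t outsz)
{
    while (*bdf) {
        int rc = read_charset_registry(bdf, out, outsz);
        if (rc != REG_ABSENT) return rc;
        bdf += strcspn(bdf, "\n");
        if (*bdf == '\n') bdf++;
    }
    return REG_ABSENT;
}

int main(void)
{
    char reg[REG_MAX]; /* header below is constructed, not from a real font */
    const char *hdr = "STARTFONT 2.1\nSTARTPROPERTIES 1\n"
                      "CHARSET_REGISTRY \"ISO8859\"\nENDPROPERTIES\n";
    printf("%d %s\n", scan_bdf_header(hdr, reg, sizeof reg), reg);
    return 0;
}
```
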
CC: (none) => boklm, jani.valimaa, pterjan, thomas
Taking this one.
CC: (none) => doktor5000
Assignee: bugsquad => doktor5000
Status: NEW => ASSIGNED
Should be fixed. Also needed to fix compilation with python-2.7. Please tell me how to proceed, as this is my first security update. I think the only thing missing from the commit is subrel.
I've tested that the old fontforge package was affected by that CVE: it crashed when opening the exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/45162.poc
After applying the patch, it does not crash anymore but displays the font table. This is on x86_64.
Advisory:
This security update fixes CVE-2010-4259: "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."
CC: (none) => qa-bugs
This is not on the testing repos to test yet. Florian, can you check please?
CC: (none) => eeeemail
Confirmed POC crash in existing version but need the update candidate to test the fix. Thanks.
Yes, I know it is not in updates_testing, as this was not submitted yet; I'm waiting for my mentor to review this security fix. I would have assigned it to QA if it were ready for testing. Sorry for the delay, but I can't do anything about that.
Ahh that'll be why then :o) QA was added to CC so it came through for testing. Ready when you are.
fontforge is now in updates_testing
Assignee: doktor5000 => qa-bugs
Damn, you're fast. You posted before I could, I even had the bug already open :)
Also, can somebody please check if the cauldron fontforge packages are also affected?
Crash reproduced and fix tested x86_64. I don't have a cauldron setup to check that Florian, sorry.
i586 tested OK.
Update validated.
Advisory:
----------
This security update fixes CVE-2010-4259: "Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file."
----------
Source RPM: fontforge-1.0-0.20090923.5.1.mga1.src.rpm
Could somebody from sysadmin please push this from core/updates_testing to core/updates?
Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
update pushed.
Status: ASSIGNED => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED
Can somebody please check if Cauldron is affected?
Status: RESOLVED => REOPENED
Resolution: FIXED => (none)
I'll look now.
OK in cauldron.
Status: REOPENED => RESOLVED
Resolution: (none) => FIXED
CC: boklm => (none)