Bug 22241 - wayland new heap overflow security issue (CVE-2017-16612)
Summary: wayland new heap overflow security issue (CVE-2017-16612)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA6-64-OK MGA5-64-OK
Keywords: advisory, validated_update
Duplicates: 22887
Depends on:
Blocks:
 
Reported: 2017-12-20 00:22 CET by David Walser
Modified: 2019-01-01 21:28 CET

See Also:
Source RPM: wayland-1.14.0-1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2017-12-20 00:22:57 CET
Fedora has issued an advisory today (December 19):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXMOIFOO2UOSQM24VCICNJ4KXHAPBQ4D/

It references this upstream post:
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html

Mageia 5 and Mageia 6 are also affected.
David Walser 2017-12-20 00:23:12 CET

Whiteboard: (none) => MGA6TOO, MGA5TOO

Comment 1 Marja Van Waes 2017-12-20 07:17:21 CET
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => mageia

Comment 2 David Walser 2017-12-29 01:23:02 CET
Advisory:
========================

Updated wayland packages fix security vulnerability:

It is possible to trigger heap overflows due to an integer overflow while
parsing images. The integer overflow occurs because the chosen limit 0x10000
for dimensions is too large for 32 bit systems, because each pixel takes 4
bytes. Properly chosen values allow an overflow which in turn will lead to
less allocated memory than needed for subsequent reads (rhbz#1522638).

References:
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IXMOIFOO2UOSQM24VCICNJ4KXHAPBQ4D/
========================

Updated packages in core/updates_testing:
========================
libwayland-devel-1.6.0-2.1.mga5
libwayland-client0-1.6.0-2.1.mga5
libwayland-server0-1.6.0-2.1.mga5
libwayland-cursor0-1.6.0-2.1.mga5
wayland-tools-1.6.0-2.1.mga5
libwayland-devel-1.11.0-1.1.mga6
libwayland-client0-1.11.0-1.1.mga6
libwayland-server0-1.11.0-1.1.mga6
libwayland-cursor0-1.11.0-1.1.mga6
wayland-tools-1.11.0-1.1.mga6
wayland-doc-1.11.0-1.1.mga6

from SRPMS:
wayland-1.6.0-2.1.mga5.src.rpm
wayland-1.11.0-1.1.mga6.src.rpm

Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Assignee: mageia => qa-bugs
Version: Cauldron => 6
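
The arithmetic behind the advisory in Comment 2, as an added example that is not part of the original bug report or the wayland source. It models a 32-bit `size_t` with `uint32_t` and shows dimensions that pass the 0x10000 limit yet yield an undersized buffer, next to a checked computation. The function names and sample dimensions are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define OLD_DIM_LIMIT   0x10000u  /* dimension limit named in the advisory */
#define BYTES_PER_PIXEL 4u        /* "each pixel takes 4 bytes" */

/* Dimension-only validation. Hypothetical helper; whether the real bound
 * was inclusive is an assumption and does not affect the values below. */
bool dims_within_old_limit(uint32_t w, uint32_t h)
{
    return w > 0 && h > 0 && w <= OLD_DIM_LIMIT && h <= OLD_DIM_LIMIT;
}

/* Buffer size as a 32-bit size_t computes it. uint32_t stands in for
 * size_t so the wrap modulo 2^32 reproduces on a 64-bit host. */
uint32_t pixel_bytes_unchecked32(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Hardened variant: refuse any size that does not fit in 32 bits. */
bool pixel_bytes_checked32(uint32_t w, uint32_t h, uint32_t *out)
{
    if (w == 0 || h == 0)
        return false;
    if (w > UINT32_MAX / BYTES_PER_PIXEL / h)  /* w*h*4 would exceed 2^32-1 */
        return false;
    *out = w * h * BYTES_PER_PIXEL;
    return true;
}

int main(void)
{
    uint32_t w = 0x8001, h = 0x8000, safe = 0;  /* constructed sample dimensions */
    uint64_t needed = (uint64_t)w * h * BYTES_PER_PIXEL;

    printf("passes old limit: %d\n", dims_within_old_limit(w, h));
    printf("bytes needed:     %llu\n", (unsigned long long)needed);
    printf("bytes allocated:  %u\n", (unsigned)pixel_bytes_unchecked32(w, h));
    printf("checked accepts:  %d\n", pixel_bytes_checked32(w, h, &safe));
    return 0;
}
```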

Dave Hodgins 2018-01-01 08:10:59 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 3 Dave Hodgins 2018-01-03 14:34:40 CET
Validating based on update installing cleanly and wayland-scanner --help working.

Keywords: (none) => validated_update
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2018-01-03 15:23:42 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0044.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 David Walser 2019-01-01 21:28:06 CET
This is CVE-2017-16612:
https://usn.ubuntu.com/3622-1/

The CVE was originally for libXcursor, which was fixed in Bug 22102.

Summary: wayland new heap overflow security issue => wayland new heap overflow security issue (CVE-2017-16612)

Comment 6 David Walser 2019-01-01 21:28:37 CET
*** Bug 22887 has been marked as a duplicate of this bug. ***
