Fedora has issued an advisory on May 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BGGLSEKCDM2OZ67XRI7KOASI4G7PRUX2/ The issue is fixed upstream in 1.91. The upstream bug and commit are linked from the RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1542035
Status comment: (none) => Fixed upstream in 1.91
Patched package uploaded by Shlomi.

Advisory:
========================

Updated gifsicle package fixes security vulnerability:

A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled (CVE-2017-18120).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18120
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BGGLSEKCDM2OZ67XRI7KOASI4G7PRUX2/
========================

Updated packages in core/updates_testing:
========================
gifsicle-1.88-1.2.mga6

from gifsicle-1.88-1.2.mga6.src.rpm

Assignee: shlomif => qa-bugs
CC: (none) => shlomif
Mageia 6, x86_64

Before update:
Only one of the PoC links led to anything useful.

CVE-2017-18120
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881120

$ gifsicle poc poc -o output
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
*** Error in `gifsicle': double free or corruption (fasttop): 0x0000000000885d20 ***
[.....]
Aborted (core dumped)

$ gifdiff poc poc
gifdiff: While reading ‘poc’ frame #0:
gifdiff: error: unknown block type 49 at file offset 13
gifdiff: While reading ‘poc’ frame #0:
gifdiff: error: image position and/or dimensions out of range
gifdiff: While reading ‘poc’ frame #0:
gifdiff: error: unknown block type 49 at file offset 13
gifdiff: While reading ‘poc’ frame #0:
gifdiff: error: image position and/or dimensions out of range
Segmentation fault (core dumped)

After the update:
gifdiff still segfaults but;

$ gifsicle poc poc -o output
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range
gifsicle:poc:#0: read error: unknown block type 49 at file offset 13
gifsicle:poc: read error: image position and/or dimensions out of range

which looks like a good result.

gifsicle supplies many options for splitting, modifying and combining GIF file animations. Tried a few.

$ gifsicle -e any.gif
splits the input file into individual files named any.gif.000, any.gif.001, and so on. Each frame is viewable using eom or gifview. The whole set can be viewed as an overlaid stack using
$ gifview sample.gif.*

Used gifview to step through an animation frame by frame (slideshow mode) and in animation mode. These modes are controlled from the keyboard by 's' and 'a'.
$ gifview --min-delay 100 sample.gif
Press 's' and slideshow mode starts at 1 frame per second.

gifsicle successfully recombined the extracted frames into a new animated gif.
$ gifsicle -m any.gif.* -o new.gif
$ gifsicle --color-info new.gif
* new.gif 32 images
  logical screen 438x236
  global color table [256]
  |   0: #080809  64: #CE9C8C 128: #E9DEE2 192: #FA7884
  |   1: #B86A65  65: #D65456 129: #D7BCC7 193: #A11F22
[.....]
  + image #30 438x236 transparent 18 disposal asis delay 0.10s
  + image #31 438x236 transparent 55 disposal asis delay 0.10s

No luck with setting properties of GIF files. Tried 'gifsicle --gamma 2.2 ....' for instance and it had no visible effect. That probably indicates ignorance on the part of the user.
Otherwise it all looks good.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
Good testing. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisoried
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0280.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED