GifLib 5.1.6 has been released on February 12, fixing security issues:
https://sourceforge.net/p/giflib/code/ci/master/tree/NEWS

I've updated Cauldron. We should update Mageia 6 too.

To quote NEWS:
* Fix SF bug #114: Null dereferences in main() of gifclrmp
* Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned CVE-2018-11490.
# Fix SF bug #111: segmentation fault in PrintCodeBlock
* Fix SF bug #109: Segmentation fault of giftool reading a crafted file
* Fix SF bug #107: Floating point exception in giftext utility
* Fix SF bug: #105 heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317
* Fix SF bug #104: Ineffective bounds check in DGifSlurp
^ Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment
* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).

Possibly every one of those is a security issue (the last one is CVE-2016-3977, which we've previously added a patch for).
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Null dereferences in main() of gifclrmp.

Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. (CVE-2018-11490)

Segmentation fault in PrintCodeBlock.

Segmentation fault of giftool reading a crafted file.

Floating point exception in giftext utility.

Heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317.

Ineffective bounds check in DGifSlurp.

GIFLIB 5.1.4: DGifSlurp fails on empty comment.

References:
https://sourceforge.net/p/giflib/code/ci/master/tree/NEWS
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11490
========================

Updated packages in core/updates_testing:
========================
giflib-progs-5.1.6-1.mga6
lib(64)gif7-5.1.6-1.mga6
lib(64)gif-devel-5.1.6-1.mga6

from SRPMS:
giflib-5.1.6-1.mga6.src.rpm
CVE: (none) => CVE-2018-11490
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs
mga6, x86_64

No reproducer for CVE-2018-11490. Straight to updates.
- giflib-progs-5.1.6-1.mga6.x86_64
- lib64gif-devel-5.1.6-1.mga6.x86_64
- lib64gif7-5.1.6-1.mga6.x86_64

The NEWS link points out that the names of the giftools have been rationalized:
gifsponge giftext giftool giffilter giffix gifinto gifbuild gifclrmp gifecho gif2rgb giftogd2 gif2png giftrans giftopnm
Not sure if all these are part of the giflib package, particularly the image conversion tools. Several image manipulation tools have gone because other commonly available packages perform the tasks as well or better.

gifinfo is supposed to be replaced by 'giftool -f', e.g.
$ giftool -f "%v\n%w x %h\n" < Tatiana.gif
GIF89a
1080 x 761
Did not make much headway with other options of the giftool filter.

Extract the colour map from an image:
$ giftext -c < Tatiana.gif
Stdin:
Screen Size - Width = 1080, Height = 761.
ColorResolution = 8, BitsPerPixel = 8, BackGround = 255, Aspect = 0.
Has Global Color Map.
Global Color Map:
Sort Flag: off
0: 04h 04h 04h 1: 05h 06h 0ah 2: 06h 09h 0ch 3: 0bh 05h 02h
4: 09h 07h 0ah 5: 0bh 0ah 06h 6: 0bh 0bh 0bh 7: 06h 08h 05h
8: 06h 0bh 11h 9: 0bh 0dh 12h 10: 0bh 0dh 17h 11: 0fh 10h 0bh
[...]
248: f5h d6h cbh 249: feh e6h d7h 250: fch e4h ceh 251: feh f4h e8h
252: f3h efh edh 253: deh e1h e7h 254: b6h c3h bfh 255: 79h 81h 7fh
GIF89 graphics control (Ext Code = 249 [ ]):
Disposal Mode: 0
User Input Flag: 0
Transparency on: no
DelayTime: 0
Transparent Index: -1
Image #1:
Image Size - Left = 0, Top = 0, Width = 1080, Height = 761.
Image is Non Interlaced.
No Image Color Map.
GIF file terminated normally.

That looks pretty comprehensive.

No man page for gifsponge, or usage information or help option. The same applies to giffilter.

Experimented with giffix by editing a gif image in emacs, inserting garbage at a couple of places but running
$ giffix < bad.gif > repaired.gif
caused a segfault. The documentation says that the utility will attempt to repair a damaged gif. It gave up in this case.
"Following error occurred (and ignored):GIF-LIB error: Image is defective, decoding aborted.
Following unrecoverable error occured:GIF-LIB error: Failed to read from given file.
GIF-LIB undefined error 0.
Segmentation fault (core dumped)"
That is acceptable.

Could not figure out how to drive gifinto, which copies files above a specified size.

gifbuild is too complicated for a newbie. Quoting the documentation:
<quote>
If the data types of the “screen height”, “screen width”, “screen background”, “image top”, and “image left” declarations aren't obvious to you, what are you doing with this software?
</quote>

$ gifclrmp -s < Tatiana.gif > colourmap.txt
$ cat colourmap.txt
0 4 4 4
1 5 6 10
2 6 9 12
[...]
253 222 225 231
254 182 195 191
255 121 129 127

$ gifclrmp -g 2.2 < Tatiana.gif > colourmap
This produced a GIF image copy of the original with a gamma correction of 2.2, which made the image much brighter.
$ file colourmap
colourmap: GIF image data, version 87a, 1080 x 761
Note the switch from GIF89a to GIF87a.

$ gifecho -c 244 161 174 -t "Good morning QA" > greeting.gif
This generated an image containing the string, coloured pink on a black background.

$ gif2rgb -c 8 -o rgbtest Tatiana.gif
generated three files rgbtest.{R,G,B} containing binary data. Quite how they are to be used is not clear.

That is enough testing. OK for 64-bits.
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0096.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED