Bug 26981 - cairo new security issue CVE-2017-7475
Summary: cairo new security issue CVE-2017-7475
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-07-21 18:23 CEST by David Walser
Modified: 2020-09-02 23:49 CEST

See Also:
Source RPM: cairo-1.16.0-2.mga7.src.rpm
CVE: CVE-2017-7475
Status comment:


Description David Walser 2020-07-21 18:23:55 CEST
openSUSE has issued an advisory on July 19:
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00042.html

Mageia 7 is also affected.
David Walser 2020-07-21 18:24:04 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2020-07-21 20:53:02 CEST
Different maintainers, assigning globally, CC'ing Shlomi & wally.

CC: (none) => jani.valimaa, shlomif
Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2020-07-23 10:09:03 CEST
There is also CVE-2017-7475 (see bug 23143).

CC: (none) => nicolas.salguero

Comment 3 Nicolas Salguero 2020-09-02 11:41:15 CEST
According to Gentoo, CVE-2017-9814 does not affect 1.16.0 and above. openSUSE seems to confirm this, because they removed the patch when updating their package to version 1.16.0.

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. (CVE-2017-7475)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475
https://lists.opensuse.org/opensuse-updates/2018-05/msg00036.html
http://lists.suse.com/pipermail/sle-security-updates/2018-May/004095.html
https://lists.opensuse.org/opensuse-updates/2018-07/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00042.html
========================

Updated packages in core/updates_testing:
========================
lib64cairo2-1.16.0-2.1.mga7
lib(64)cairo-devel-1.16.0-2.1.mga7
lib(64)cairo-static-devel-1.16.0-2.1.mga7

from SRPM:
cairo-1.16.0-2.1.mga7.src.rpm

Summary: cairo new security issue CVE-2017-9814 => cairo new security issue CVE-2017-7475
CVE: (none) => CVE-2017-7475
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 7
Source RPM: cairo-1.16.0-3.mga8.src.rpm => cairo-1.16.0-2.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Status: NEW => ASSIGNED

Comment 4 David Walser 2020-09-02 22:13:51 CEST
PoC:
https://bugzilla.suse.com/show_bug.cgi?id=1036789#c7

Before update:
$ hb-view 1.ttf hello
Segmentation fault (core dumped)

After update:
$ hb-view 1.ttf hello
$ 

Very good.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => sysadmin-bugs

Aurelien Oudelet 2020-09-02 22:30:10 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-09-02 23:49:14 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0359.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

