29019 – libgd new potential integer overflow fixed upstream in 2.3.1

Bug 29019 - libgd new potential integer overflow fixed upstream in 2.3.1

Summary: libgd new potential integer overflow fixed upstream in 2.3.1

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-05-29 19:50 CEST by David Walser
Modified:	2021-06-16 22:24 CEST (History)
CC List:	4 users (show)

See Also:
Source RPM:	libgd-2.3.0-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-05-29 19:50:19 CEST

Fedora has issued an advisory on March 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WICW2DNQLH3YU4LYNAZADUCBZYHJZRCQ/

2.3.1 fixes a potential integer overflow and 2.3.2 has another bug fix:
https://github.com/libgd/libgd/releases/tag/gd-2.3.1
https://github.com/libgd/libgd/releases/tag/gd-2.3.2

We should update Mageia 8 to at least 2.3.1.

David Walser 2021-05-29 19:50:31 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-05-29 21:56:52 CEST

Assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-06-02 13:52:23 CEST

Suggested advisory:
========================

The updated packages fix a security vulnerability:

A potential integer overflow is fixed in version 2.3.1.

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WICW2DNQLH3YU4LYNAZADUCBZYHJZRCQ/
https://github.com/libgd/libgd/releases/tag/gd-2.3.1
========================

Updated packages in core/updates_testing:
========================
gd-utils-2.3.1-1.mga8
lib(64)gd-devel-2.3.1-1.mga8
lib(64)gd3-2.3.1-1.mga8
lib(64)gd-static-devel-2.3.1-1.mga8

from SRPM:
libgd-2.3.1-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Status: NEW => ASSIGNED
Assignee: pkg-bugs => qa-bugs

Comment 3 Thomas Andrews 2021-06-16 01:40:40 CEST

Tested in a mga8-64 VirtualBox Plasma guest.

Installed gd-utils, then updated. No installation issues. Referred to Bug 26220 for some testing suggestions, exercised a few utilities on an image of some boats:

[tom@localhost ~]$ pngtogd Boats.png Boats.gd
[tom@localhost ~]$ file Boats.gd
Boats.gd: data
[tom@localhost ~]$ pngtogd2 Boats.png Boats.gd2
Usage: pngtogd2 filename.png filename.gd2 cs fmt
       where cs is the chunk size
       fmt is 1 for raw, 2 for compressed
[tom@localhost ~]$ pngtogd2 Boats.png Boats.gd2 2048 1
[tom@localhost ~]$ file Boats.gd2
Boats.gd2: data
[tom@localhost ~]$ gd2togif Boats.gd2 Boats.gif
[tom@localhost ~]$ gdtopng Boats.gd Boats2.png
[tom@localhost ~]$ file Boats2.png
Boats2.png: PNG image data, 764 x 488, 8-bit/color RGB, non-interlaced

The three image formats that are viewable in Gwenview appear identical.

This looks good to go. Validating. Advisory in Comment 2.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Aurelien Oudelet 2021-06-16 09:24:42 CEST

CC: (none) => ouaurelien
Keywords: (none) => advisory

Comment 4 Mageia Robot 2021-06-16 22:24:14 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0264.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.