Bug 29126 - transfig new security issue CVE-2021-3561
Summary: transfig new security issue CVE-2021-3561
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2021-06-13 23:51 CEST by David Walser
Modified: 2021-10-30 20:01 CEST (History)
4 users (show)

See Also:
Source RPM: transfig-3.2.7b-3.mga8.src.rpm
CVE: CVE-2021-3561
Status comment:


Description David Walser 2021-06-13 23:51:33 CEST
Fedora has issued an advisory on June 7:

The issue is fixed upstream in 3.2.8a.

Mageia 7 and Mageia 8 are also affected.
David Walser 2021-06-13 23:51:48 CEST

Status comment: (none) => Fixed upstream in 3.2.8a
Whiteboard: (none) => MGA8TOO, MGA7TOO

Comment 1 Lewis Smith 2021-06-14 21:15:15 CEST
Assigning to you, David, as having done the most recent updates to this parentless SRPM.

Assignee: bugsquad => geiger.david68210

Comment 2 David Walser 2021-07-01 18:57:31 CEST
Removing Mageia 7 from whiteboard due to EOL:

Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO

Comment 3 David Walser 2021-07-23 22:04:45 CEST
openSUSE has issued an advisory for this on July 22:
Comment 4 Nicolas Lécureuil 2021-07-26 11:13:55 CEST
fixed in cauldron

CC: (none) => mageia
Version: Cauldron => 8

Comment 5 Nicolas Lécureuil 2021-07-26 11:17:40 CEST
fixed in mga8

    - transfig-3.2.8a-1.mga8

Assignee: geiger.david68210 => qa-bugs
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 3.2.8a => (none)

Comment 6 Herman Viaene 2021-07-27 14:51:57 CEST
MGA8-64 Plasmaon Lenovo B50
No installation issues.
Installed xfig to make a vector graphic, with a circle, rectangle, hexagon and a broken line. 
Ref bug 26146 Comment 6 for testing.
$ fig2dev -L png testtransfig.fig testtransfig.png

$ file testtransfig.png 
testtransfig.png: PNG image data, 781 x 626, 1-bit colormap, non-interlaced

$ fig2dev -L eps testtransfig.fig testtransfig.ps
$ fig2dev -L pdf testtransfig.fig testtransfig.pdf
$ fig2dev -L gif testtransfig.fig testtransfig.gif
$  fig2dev -L latex testtransfig.fig testtransfig.tex
Not a LaTeX slope (3300, -600), deviation 56.8 pixels
Not a LaTeX slope (-525, -3375), deviation 42.6 pixels
Not a LaTeX slope (-6825, 525), deviation 525.0 pixels
Not a LaTeX slope (-750, 1050), deviation 42.0 pixels
Not a LaTeX slope (-1260, -832), deviation 9.2 pixels
Not a LaTeX slope (1260, 832), deviation 9.2 pixels

$ cat testtransfig.tex 
{\color[rgb]{0,0,0}\put(1726,-4186){\line( 6, 1){7200}}
\put(8926,-2986){\line( 6,-1){3308.108}}
\put(12226,-3586){\line( 1,-4){525}}
\put(12226,-9061){\line(-1, 0){6825}}
\put(5401,-8536){\line(-3, 4){774}}
{\color[rgb]{0,0,0}\put(8326,-2086){\line( 0, 1){1507}}
\put(8236,-579){\line(-2, 1){1350}}
\put(6886, 96){\line(-3,-2){1256.308}}
\put(5626,-736){\line( 0,-1){1507}}
\put(5716,-2243){\line( 2,-1){1350}}
\put(7066,-2918){\line( 3, 2){1256.308}}

The picture files all display OK either in gwenview or in okular. 
So OK for me

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 7 Aurelien Oudelet 2021-07-27 20:58:44 CEST
type: security
subject: Updated transfig package fixes a security vulnerability
 - CVE-2021-3561
     - transfig-3.2.8a-1.mga8
description: |
  An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check
  in read_objects() could allow an attacker to provide a crafted malicious input
  causing the application to either crash or in some cases cause memory
  corruption. The highest threat from this vulnerability is to integrity as well
  as system availability (CVE-2021-3561).
 - https://bugs.mageia.org/show_bug.cgi?id=29126
 - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C44WSY5KAQXC3Y2NMSVXXZS3M5U5U2E6/

Keywords: (none) => advisory, validated_update
CVE: (none) => CVE-2021-3561
CC: (none) => ouaurelien, sysadmin-bugs

Comment 8 Mageia Robot 2021-07-27 22:23:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Comment 10 David Walser 2021-10-30 20:01:43 CEST
This update also fixed CVE-2020-21529 CVE-2020-2153[0-5] CVE-2021-32280:

Note You need to log in before you can comment on or make changes to this bug.