Ubuntu has issued an advisory on May 10:
https://ubuntu.com/security/notices/USN-5407-1
The issue is fixed upstream in 1.17.6. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.17.6
This is maintained by different people, so assigning the update globally.
Assignee: bugsquad => pkg-bugs
Hi, In fact, that CVE was already fixed in version 1.16.0. See: bug 26981, comment 3. Best regards, Nico.
CC: (none) => nicolas.salguero
No, that's not true. See here:
https://ubuntu.com/security/CVE-2017-9814
https://gitlab.freedesktop.org/cairo/cairo/-/issues/264
The issue wasn't fully fixed until the middle of last year. 1.16.0 was much longer ago.
Suggested advisory:
========================
The updated packages fix a security vulnerability:
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. (CVE-2017-9814)
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9814
https://ubuntu.com/security/notices/USN-5407-1
========================
Updated packages in core/updates_testing:
========================
lib(64)cairo2-1.16.0-6.2.mga8
lib(64)cairo-devel-1.16.0-6.2.mga8
lib(64)cairo-static-devel-1.16.0-6.2.mga8
from SRPM:
cairo-1.16.0-6.2.mga8.src.rpm
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 1.17.6 => (none)
Assignee: pkg-bugs => qa-bugs
CVE: (none) => CVE-2017-9814
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
mga8, x64
$ rpm -q lib64cairo2
lib64cairo2-1.16.0-6.1.mga8
PoC at https://bugs.freedesktop.org/show_bug.cgi?id=101547 but noting comments 2 and 3 no expectation of trouble. And there is not.
$ hb-view 1.ttf "Sixteen tons and whadyaget?"
$
$ strace -o atril.trace atril PoC.pdf
<displays a page containing a meaningful string>
$ grep cairo atril.trace
openat(AT_FDCWD, "/lib64/libcairo.so.2", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libpangocairo-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/lib64/libcairo-gobject.so.2", O_RDONLY|O_CLOEXEC) = 3
After updating:
$ atril AN_2022_January.pdf
Oops, secure memory pool already initialized
! SyncTeX Error : No file?
Oops, secure memory pool already initialized
<Browsed pages OK - images displayed fine>
The "Oops" messages seem to be standard here. However, the command line reported a bug:
*** BUG ***
In pixman_region32_init_rect: Invalid rectangle passed
Set a breakpoint on '_pixman_log_error' to debug
$ atril BashPocketReference.pdf
<Oops messages>
Clean exit, which implies that the data may have been at fault in the first case.
The main library is used by at least 478 applications (excluding libraries). No regressions apparent so this can go out.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
(In reply to Len Lawrence from comment #5)
> $ hb-view 1.ttf "Sixteen tons and whadyaget?"
Another day older and deeper in debt :D
I owe my soul to the Company Sto'... Validating. Advisory in Comment 4.
CC: (none) => andrewsfarm
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0186.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED