Bug 141684 - media-gfx/fbida: typo prevents filtering (CVE-2006-3119)
Bug#: 141684 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: dercorny@gentoo.org
Component: Vulnerabilities
URL:  http://www.us.debian.org/security/2006/dsa-1124
Summary: media-gfx/fbida: typo prevents filtering (CVE-2006-3119)
Keywords:  
Status Whiteboard: B2 [glsa]
Opened: 2006-07-25 03:06 0000
Description:   Opened: 2006-07-25 03:06 0000 
gs is not called with -dSAFER because of a typo, which might allow pdf files to
do evil stuff.

This is fixed in version 2.05. Either dump or apply this simple patch (gained
from a diff 2.04->2.05):

--- fbida-2.04/fbgs     2006-04-10 09:43:01.000000000 +0200
+++ fbida-2.05/fbgs     2006-07-25 09:26:16.000000000 +0200
@@ -51,7 +51,7 @@
 echo
 echo "### rendering pages, please wait ... ###"
 echo
-gs     -dSAVER -dNOPAUSE -dBATCH                       \
+gs     -dSAFER -dNOPAUSE -dBATCH                       \
        -sPDFPassword="$password"                       \
        -sDEVICE=${device} -sOutputFile=$DIR/ps%03d.tiff \
        $gsopts                                         \

------- Comment #1 From Thierry Carrez (RETIRED) 2006-07-29 05:37:50 0000 ------- 
spock please bump with patch.

------- Comment #2 From Michal Januszewski 2006-08-07 17:59:38 0000 ------- 
Fixed in CVS, thanks.

------- Comment #3 From Thierry Carrez (RETIRED) 2006-08-12 08:17:34 0000 ------- 
Fixed in 2.03-r4, already stable, thanks Michal.

The "?" in B2? calls for a vote, I'd say this warrants a GLSA

------- Comment #4 From Raphael Marichez 2006-08-16 01:54:12 0000 ------- 
yes

does "pdf files to do evif stuff" means code execution ? (==> B2 sure)

------- Comment #5 From Sune Kloppenborg Jeppesen 2006-08-19 09:25:26 0000 ------- 
Let's have a GLSA on this one as well.

------- Comment #6 From Raphael Marichez 2006-08-23 13:02:08 0000 ------- 
GLSA 200608-22

thanks everybody