Bug#: 175670
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>

Description:   Opened: 2007-04-23 09:08 0000
Hi,
I found this vuln on Secunia, looks like xnview has an unfixed buffer overflow
in the xpm file handling function.
There are a few exploits around, and the only workaround 'yet' is to not open
xpm files you don't trust.

Reproducible: Always

------- Comment #1 From Lars Hartmann 2007-04-24 15:42:05 0000 -------
maintainers - please provide a fix

------- Comment #2 From Krzysiek Pawlik 2007-04-24 18:53:19 0000 -------
Latest for Linux is 1.70
(http://perso.orange.fr/pierre.g/xnview/endownloadlinux.html), the advisory
doesn't state if it's affected. It's a binary package, so we can't just patch
it. If it's confirmed in 1.70 for linux-x86 and/or 1.50 for linux-ppc I'm for
masking this as this is a second security bug in it (the first one is
http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml).

------- Comment #3 From Pierre-Yves Rofes 2007-05-03 18:27:28 0000 -------
Just mailed upstream to get some info on this.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-05-20 07:19:40 0000 -------
Any news from upstream?

------- Comment #5 From Samuli Suominen 2007-07-01 05:18:47 0000 -------
Any news with this one?

------- Comment #6 From Sune Kloppenborg Jeppesen 2007-07-01 08:56:25 0000 -------
According to Secunia there is still no fix available.

------- Comment #7 From Krzysiek Pawlik 2007-07-01 09:39:42 0000 -------
I'm for p.mask and removal in 14 days.

------- Comment #8 From Pierre-Yves Rofes 2007-07-01 09:54:47 0000 -------
Upstream should release 1.70.2 which fixes this, but I don't know when. I tried
to send another e-mail a few days ago and I'm waiting for an answer. Btw, I agree
with p.mask until there's a fix available.

------- Comment #9 From Krzysiek Pawlik 2007-07-01 10:20:09 0000 -------
+# Krzysiek Pawlik <nelchael@gentoo.org> (01 Jul 2007)
+# Masked for security bug #175670.
+# Waiting for upstream to provide a fixed version.
+# If the fix won't be available the package will be removed.
+x11-misc/xnview
+
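Review bot: the mask comment says the package "will be removed" if no fix arrives but gives no date, although comment #7 proposed removal in 14 days; put the planned removal date in the comment so users of the package know the deadline. The atom `x11-misc/xnview` is also unversioned, so it masks every version, and a fixed upstream release would stay masked until this entry is narrowed or dropped.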

------- Comment #10 From Stefan Cornelius (RETIRED) 2007-07-11 21:10:17 0000 -------
GLSA 200707-06.

Thanks everybody

------- Comment #11 From Pierre-Yves Rofes 2008-01-31 21:35:14 0000 -------
Some news: http://secunia.com/advisories/28326/

Dercorny, do you know if the XPM issue is fixed in version 1.92?

------- Comment #12 From Robert Buchholz 2008-03-24 23:43:58 0000 -------
CVE-2008-1461 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1461):
  Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to
  execute arbitrary code via a long filename argument on the command line.
  NOTE: it is unclear whether there are common handler configurations in which
  this argument is controlled by an attacker.

------- Comment #13 From Robert Buchholz 2008-03-24 23:49:34 0000 -------
Already masked, and maskglsa'd. The Linux build has not been updated since
2006. 
Can we remove this?

------- Comment #14 From Samuli Suominen 2008-04-01 15:52:24 0000 -------
Not in tree anymore. If upstream doesn't care about updating their binary blob
for security, but does updates for the Windows version... why should we care?

Gone. Gone. Gone.

------- Comment #15 From Robert Buchholz 2008-04-01 15:54:45 0000 -------
Closing since this got maskglsa 200707-06.
Thanks, drac.
