First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 202350
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
libexif-CVE-2007-6351.patch libexif-CVE-2007-6351.patch patch Robert Buchholz 2007-12-15 00:23 0000 405 bytes Details | Diff
libexif-CVE-2007-6352.patch libexif-CVE-2007-6352.patch patch Robert Buchholz 2007-12-15 00:23 0000 691 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 202350 depends on: Show dependency tree
Bug 202350 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-12-15 00:21 0000 
Meder Kydyraliev (Google Security) reported two issues in libexif:

CVE-2007-6351:
  Infinite recursion leading to a DoS.

CVE-2007-6352:
  Integer overflow when calculating memory boundaries.

------- Comment #1 From Robert Buchholz 2007-12-15 00:22:37 0000 ------- 
eradicator, i'll attach upstream committed patches in a second. Please advise.

------- Comment #2 From Robert Buchholz 2007-12-15 00:23:03 0000 ------- 
Created an attachment (id=138525) [details]
libexif-CVE-2007-6351.patch

------- Comment #3 From Robert Buchholz 2007-12-15 00:23:25 0000 ------- 
Created an attachment (id=138526) [details]
libexif-CVE-2007-6352.patch

------- Comment #4 From Jeremy Huddleston (RETIRED) 2007-12-18 17:46:55 0000 ------- 
In portage.

Targeted keywords:
alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86

------- Comment #5 From Robert Buchholz 2007-12-18 20:06:13 0000 ------- 
Arches, please test and mark stable media-libs/libexif-0.6.16-r1.

------- Comment #6 From Ferris McCormick 2007-12-18 20:21:10 0000 ------- 
Stable for sparc, all tests pass as expected.

------- Comment #7 From Jonas Pedersen 2007-12-18 21:07:47 0000 ------- 
media-libs/libexif-0.6.16-r1  USE="nls -doc"

1. Emerges on AMD64. 
2. No collisions and passes test. 
3. Works - gimp depends on it and is still working. 

Please mark stable on AMD64. 

Portage 2.1.3.19 (default-linux/amd64/2007.0/desktop, gcc-4.1.2,
glibc-2.6.1-r0, 2.6.23-gentoo-r3 x86_64)
=================================================================
System uname: 2.6.23-gentoo-r3 x86_64 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Sat, 15 Dec 2007 22:46:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.22-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf
/etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/
/etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo
/etc/udev/rules.d"
CXXFLAGS="-march=nocona -Os -msse3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache collision-protect distcc distlocks metadata-transfer
multilib-strict parallel-fetch sandbox sfperms strict test unmerge-orphans
userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/
http://trumpetti.atm.tut.fi/gentoo/
http://ftp.snt.utwente.nl/pub/os/linux/gentoo
http://ds.thn.htu.se/linux/gentoo"
LC_ALL="en_DK.utf8"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages
--filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/php-testing /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi aiglx alsa amd64 apache2 arts atk berkdb bitmap-fonts
cairo cdr cli cracklib crypt cups dbus dga directfb dri dts dvd dvdr dvdread
eds emboss encode evo fam fbcn ffmpeg firefox fortran ftp gd gdbm gif gphoto2
gpm gstreamer gtk hal iconv icq ieee1394 ipv6 isdnlog java jpeg kde kerberos
live lm_sensors mad midi mikmod mjpeg mmx mozilla mp2 mp3 mpeg mplayer msn
mudflap ncurses nls nptl nptlonly ogg oggvorbis opengl openmp pam pcre pda pdf
perl png ppds pppd python qt qt3 qt3support qt4 quicktime readline reflection
samba sdl session spell spl sse sse2 sse3 ssl svg tcpd test threads tiff
truetype truetype-fonts type1-fonts unicode vorbis x264 xcomposite xml xorg
xscreensaver xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem
bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel
intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file
hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route
share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias
authn_anon authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs
dav_lock deflate dir disk_cache env expires ext_filter file_cache filter
headers include info log_config logio mem_cache mime mime_magic negotiation
rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad
cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU"
VIDEO_CARDS="radeon"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS,
LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #8 From Jeroen Roovers 2007-12-18 21:14:36 0000 ------- 
Stable for HPPA.

------- Comment #9 From Brent Baude 2007-12-18 22:39:12 0000 ------- 
ppc and ppc64 done

------- Comment #10 From Peter Weller 2007-12-19 15:33:19 0000 ------- 
amd64 done, thanks Jonas

------- Comment #11 From Raúl Porcel 2007-12-19 16:23:11 0000 ------- 
alpha/ia64/sparc stable

------- Comment #12 From Tobias Heinlein 2007-12-21 23:07:44 0000 ------- 
All arches done, GLSA request filed.

------- Comment #13 From Pierre-Yves Rofes 2007-12-29 13:20:32 0000 ------- 
GLSA 200712-15
First Last Prev Next    No search results available      Search page      Enter new bug