Bug 277722 (CVE-2009-2369) - <x11-libs/wxGTK-2.8.10.1-r1 wxImage::Create() arbitrary code execution (CVE-2009-2369)
Status: RESOLVED FIXED
Alias: CVE-2009-2369
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://trac.wxwidgets.org/ticket/10993
Whiteboard: B2 [glsa]
Reported: 2009-07-13 21:56 UTC by Stefan Behte (RETIRED)
Modified: 2010-09-02 21:21 UTC


Attachments
wxGTK-2.8.10.1-CVE-2009-2369.patch (2.29 KB, patch)
2009-07-19 01:58 UTC, Ryan Hill (RETIRED)

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-07-13 21:56:38 UTC
CVE-2009-2369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2369):
  Integer overflow in the wxImage::Create function in
  src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via a
  crafted JPEG file, which triggers a heap-based buffer overflow. 
  NOTE: the provenance of this information is unknown; the details are
  obtained solely from third party information.
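
The bug class named in the CVE text above, as an added example that is not taken from wxWidgets or from the attached patch: a pixel-buffer size computed in 32-bit arithmetic wraps, while a checked version rejects the dimensions before allocating. The 3-bytes-per-pixel RGB layout, the 1 GiB cap, the function names and the 40000x40000 dimensions are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Models the unsafe pattern: the size is computed in 32-bit arithmetic and
// silently wraps. Unsigned math is used so the wrap itself is well defined.
std::uint32_t wrapped_rgb_size(int width, int height) {
    return static_cast<std::uint32_t>(width) *
           static_cast<std::uint32_t>(height) * 3u;
}

// Hardened form: validate the header dimensions, then prove that
// width * height * 3 <= max_bytes using division, which cannot overflow.
bool checked_rgb_size(int width, int height, std::size_t max_bytes,
                      std::size_t* out) {
    if (width <= 0 || height <= 0) return false;
    const std::size_t w = static_cast<std::size_t>(width);
    const std::size_t h = static_cast<std::size_t>(height);
    if (w > max_bytes / 3 / h) return false;  // would exceed the cap or wrap
    *out = w * h * 3;
    return true;
}

// Allocates only after the size check passes; an empty vector means rejected.
std::vector<unsigned char> make_rgb_buffer(int width, int height,
                                           std::size_t max_bytes) {
    std::size_t n = 0;
    if (!checked_rgb_size(width, height, max_bytes, &n)) return {};
    return std::vector<unsigned char>(n);
}

int main() {
    const std::size_t cap = std::size_t(1) << 30;  // assumed 1 GiB policy cap
    const int w = 40000, h = 40000;                // constructed header values
    std::size_t n = 0;
    std::printf("32-bit size: %u bytes\n", (unsigned)wrapped_rgb_size(w, h));
    std::printf("checked: %s\n",
                checked_rgb_size(w, h, cap, &n) ? "ok" : "rejected");
    std::printf("640x480: %zu bytes\n", make_rgb_buffer(640, 480, cap).size());
    return 0;
}
```

With these constructed dimensions the true requirement is 4,800,000,000 bytes, but the 32-bit result is far smaller, so any decoder writing the full image into that buffer would run past its end.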
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-07-16 00:56:52 UTC
upstream bug: http://trac.wxwidgets.org/ticket/10993
Comment 2 Ryan Hill (RETIRED) gentoo-dev 2009-07-19 01:58:05 UTC
Created attachment 198446
wxGTK-2.8.10.1-CVE-2009-2369.patch
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2009-07-19 03:42:05 UTC
Fixed in 2.8.10.1-r1.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-07-19 12:01:12 UTC
Arches, please test and mark stable:
=x11-libs/wxGTK-2.8.10.1-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2009-07-19 12:08:33 UTC
Ryan, what about the 2.6 slot? The patch applies there as well (with fuzz).
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-07-19 16:55:13 UTC
Stable on alpha.
Comment 7 nixnut (RETIRED) gentoo-dev 2009-07-19 17:51:47 UTC
ppc stable
Comment 8 Ryan Hill (RETIRED) gentoo-dev 2009-07-20 04:13:46 UTC
oops, also fixed in 2.6.4.0-r5.  alpha and ppc, can you stabilize that version as well?
Comment 9 Christian Faulhammer (RETIRED) gentoo-dev 2009-07-21 08:08:56 UTC
x86 stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2009-07-21 17:58:59 UTC
(In reply to comment #8)
> oops, also fixed in 2.6.4.0-r5.  alpha and ppc, can you stabilize that version
> as well?

Stable on alpha.
Comment 11 Ferris McCormick (RETIRED) gentoo-dev 2009-07-21 21:19:19 UTC
I've marked 2.6.4.0-r5 and 10.1-r1 stable for sparc.  But I *think* we're really using wxGTK-2.8.10.1-r1.  I guess this thing is slotted, but it is not clear from the request here what you want.  Thus, I'm not removing the CC.  I don't know what you are asking for.  I've marked stable versions which seem to work.
Comment 12 Jeroen Roovers (RETIRED) gentoo-dev 2009-07-22 14:54:29 UTC
Stable for HPPA.
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2009-07-23 14:54:29 UTC
arm/ia64/sh stable
Comment 14 Ryan Hill (RETIRED) gentoo-dev 2009-07-25 01:06:35 UTC
Ferris: there are two slots.  stabilize the latest version in each.

Comment 15 Ryan Hill (RETIRED) gentoo-dev 2009-07-25 02:23:59 UTC
it looks like there was a 2.8.10.1-r2 ebuild added by jokey a couple days ago.  i just removed it, so please ignore it if you see it.  sorry for the confusion.
Comment 16 Christian Becke 2009-07-25 08:00:18 UTC
(In reply to comment #15)
> it looks like there was an 2.8.10.1-r2 ebuild added by jokey a couple days ago.
>  i just removed it, so please ignore it if you see it.  sorry for the
> confusion.

Please rebuild the manifest as well, 2.8.10.1-r2 is still in there (as of revision 1.291). And a note in the ChangeLog (which mentions the addition of -r2) about the removal and its reasons would have been nice.

Comment 17 Brent Baude (RETIRED) gentoo-dev 2009-07-26 15:33:12 UTC
ppc64 done on both
Comment 18 Markus Meier gentoo-dev 2009-07-29 21:43:57 UTC
amd64 stable for both
Comment 19 Ryan Hill (RETIRED) gentoo-dev 2009-08-06 00:04:04 UTC
sparc is done.  2.8.10 is good to go.  ppc needs to stabilize 2.6.4.0-r5.
Comment 20 nixnut (RETIRED) gentoo-dev 2009-08-09 13:04:53 UTC
ppc stable
Comment 21 Mounir Lamouri (volkmar) (RETIRED) gentoo-dev 2009-09-25 17:18:29 UTC
Removing ppc as it has been stabilized by nixnut.
Bug is ready to be fixed by security team.
Comment 22 Stefan Behte (RETIRED) gentoo-dev Security 2009-10-04 23:41:49 UTC
B2 -> GLSA request filed.
Comment 23 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-09-02 21:21:07 UTC
GLSA 201009-01