Version 3.44 - April 2018 - This release primarily patches security vulnerabilities. We strongly encourage this upgrade, particularly for those running CFITSIO in web accessible applications. Citing documentation from version 3.44 to outline security fixes. However, versions 3.45 and 3.50 are available via upstream. Please see URL for details.
Escalating to @Security due to CVE and Vulnerability aspects.

(https://nvd.nist.gov/vuln/detail/CVE-2018-3848): In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

(https://nvd.nist.gov/vuln/detail/CVE-2018-3849): In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Gentoo Security Padawan (domhnall)
Adding a missed CVE and reference https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
`ffgphd` and `ffgtkn` are CVE-2018-4846 while `ffghbn` and `ffghtb` are CVEs CVE-2018-3848 and CVE-2018-3849 respectively. See Also: CVE-2019-1010060.

(https://nvd.nist.gov/vuln/detail/CVE-2019-1010060):

(https://nvd.nist.gov/vuln/detail/CVE-2018-3846): In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

(https://nvd.nist.gov/vuln/detail/CVE-2018-3847): Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
(In reply to D'juan McDonald (domhnall) from comment #3)
> ..are CVE-2018-4846

CVE-2018-3846
ping..
ping
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a901fb5b9a1e317224a8126783bea78045554eaf

commit a901fb5b9a1e317224a8126783bea78045554eaf
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-19 20:05:50 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-01-02 20:30:54 +0000

    sci-libs/cfitsio: security bump to 3.480

    Changes:
    * Update licence to ISC
    * EAPI 7 bump
    * Drop doc, examples USE flags
    * Remove other now non-existent options upstream

    Bug: https://bugs.gentoo.org/673944
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/16749
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/cfitsio/Manifest             |  1 +
 sci-libs/cfitsio/cfitsio-3.480.ebuild | 71 +++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)
x86 done
ppc done
amd64 done
ppc64 done
sparc done

all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34a9e327a6f7da965fd701f9b6527927b60c2d73

commit 34a9e327a6f7da965fd701f9b6527927b60c2d73
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2021-01-25 16:37:48 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2021-01-25 16:47:58 +0000

    sci-libs/cfitsio: Cleanup vulnerable 3.360, 3.410

    Bug: https://bugs.gentoo.org/673944
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 sci-libs/cfitsio/Manifest             |  2 --
 sci-libs/cfitsio/cfitsio-3.360.ebuild | 57 ----------------------------------
 sci-libs/cfitsio/cfitsio-3.410.ebuild | 58 -----------------------------------
 sci-libs/cfitsio/metadata.xml         |  4 ---
 4 files changed, 121 deletions(-)
This issue was resolved and addressed in GLSA 202101-24 at https://security.gentoo.org/glsa/202101-24 by GLSA coordinator Sam James (sam_c).