Bug 141684

Summary:	media-gfx/fbida: typo prevents filtering (CVE-2006-3119)
Product:	Gentoo Security	Reporter:	Stefan Cornelius (RETIRED) <dercorny>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	spock
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.us.debian.org/security/2006/dsa-1124
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Stefan Cornelius (RETIRED) gentoo-dev

2006-07-25 03:06:35 UTC

gs is not called with -dSAFER because of a typo, which might allow pdf files to do evil stuff.

This is fixed in version 2.05. Either dump or apply this simple patch (gained from a diff 2.04->2.05):

--- fbida-2.04/fbgs     2006-04-10 09:43:01.000000000 +0200
+++ fbida-2.05/fbgs     2006-07-25 09:26:16.000000000 +0200
@@ -51,7 +51,7 @@
 echo
 echo "### rendering pages, please wait ... ###"
 echo
-gs     -dSAVER -dNOPAUSE -dBATCH                       \
+gs     -dSAFER -dNOPAUSE -dBATCH                       \
        -sPDFPassword="$password"                       \
        -sDEVICE=${device} -sOutputFile=$DIR/ps%03d.tiff \
        $gsopts                                         \

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2006-07-29 05:37:50 UTC

spock please bump with patch.

Comment 2 Michal Januszewski (RETIRED) gentoo-dev

2006-08-07 17:59:38 UTC

Fixed in CVS, thanks.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2006-08-12 08:17:34 UTC

Fixed in 2.03-r4, already stable, thanks Michal.

The "?" in B2? calls for a vote, I'd say this warrants a GLSA

Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-08-16 01:54:12 UTC

yes

does "pdf files to do evif stuff" means code execution ? (==> B2 sure)

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-08-19 09:25:26 UTC

Let's have a GLSA on this one as well.

Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-08-23 13:02:08 UTC

GLSA 200608-22

thanks everybody