| Field | Value |
|---|---|
| Summary | media-libs/freetype Possible incomplete fix CVE-2006-1861 (CVE-2006-3467) |
| Product | Gentoo Security |
| Reporter | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component | Auditing |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED WORKSFORME |
| Severity | normal |
| CC | fonts |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467 |
| Whiteboard | B3? [ebuild?] jaervosz |
| Package list | |
| Runtime testing required | --- |
| Attachments | fix for CVE 2006 3467 |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2006-07-26 02:23:49 UTC
Marinus please advise.

Ok, this is already public :-) Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.

Created attachment 93124 [details, diff]
fix for CVE 2006 3467

If I add the supposed fix to 2.1.10 I still get crashes with the font attached to this bug. Can someone please confirm this?

Setting to Auditing for a patch review. Tavis, could you have a look?

(In reply to comment #3)
> Created an attachment (id=93124) [edit]
> fix for CVE 2006 3467
>
> If I add the supposed fix to 2.1.10 I still get crashes with the font attached
> to this bug. Can someone please confirm this ?

foser, how are you testing? I used the supplied patch and after a rebuild of 2.1.10-r1 with the patch it no longer goes boom:

    plasmaroo /tmp $ ./ftcrash ./bad1.pcf
    error: 2
    ftcrash: moo.c:34: main: Assertion `error == 0' failed.
    Aborted

I just drop the font in my ~/.fonts dir. Starting any GUI app afterwards results in a segfault.

plasmaroo, did you get a chance to test it again?

(In reply to comment #7)
> plasmaroo did you get a chance to test it again?

Yeah, I think foser isn't patching his freetype correctly or something is compiled with a static older version somewhere... It definitely fixes the bug for me.

Sorry for my slow update. I'm patching fine and I'm certain I have no older versions lying around. I have been dealing with fc/ft for a long time; I know the pitfalls. The only thing I can think of is gcc/glibc issues, but I don't see them anywhere else. So I would like to see more confirmation to be sure it's not a local problem.

Marking WFM, the patch looks good to me, and I can't recreate the issue.
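The class of defect this bug concerns, a length derived from untrusted font data that wraps before it is used to size a buffer, and the check that closes it, as an added example written for this page. It is not FreeType's code and says nothing about where the real overflow sat: the 8-byte count/entry-size header, the function names and the sample inputs are all constructed for the demonstration. The naive 32-bit computation is kept beside the checked one to show the wrap; the checked version rejects arithmetic overflow in both the multiplication and the following addition, and also rejects any table that claims more bytes than the file actually holds, which is the consistency check a malformed .pcf like the attached one exercises.

```c
/* Added example: overflow-safe sizing of a table read from an untrusted
 * font file. Not FreeType's code; the header layout is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed 8-byte table header: count (u32 LE), entry_size (u32 LE). */
#define HDR_LEN 8u

static uint32_t rd_u32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Computes HDR_LEN + count * entry_size into *out without wrapping.
 * Returns 0 on success, -1 if either the multiplication or the addition
 * would overflow size_t, or if the table does not fit inside the
 * file_len bytes actually present. */
int table_bytes(uint32_t count, uint32_t entry_size, size_t file_len, size_t *out)
{
    size_t body;
    if (entry_size != 0 && count > SIZE_MAX / entry_size)
        return -1;                  /* multiplication would wrap */
    body = (size_t)count * entry_size;
    if (body > SIZE_MAX - HDR_LEN)
        return -1;                  /* addition would wrap */
    if (HDR_LEN + body > file_len)
        return -1;                  /* claims more data than the file holds */
    *out = HDR_LEN + body;
    return 0;
}

/* Parses the constructed header from buf and sizes the table.
 * Returns 0 and sets *out on success; -1 on a truncated or
 * inconsistent input. */
int parse_table(const unsigned char *buf, size_t len, size_t *out)
{
    if (len < HDR_LEN)
        return -1;
    return table_bytes(rd_u32le(buf), rd_u32le(buf + 4), len, out);
}

/* Naive sizing in 32-bit arithmetic, kept only to show the wrap:
 * count 0x40000000 with entry_size 8 yields a size of 8. */
uint32_t naive_table_bytes32(uint32_t count, uint32_t entry_size)
{
    return HDR_LEN + count * entry_size;  /* wraps mod 2^32 */
}

/* Constructed benign file: 3 entries of 4 bytes plus a 12-byte body.
 * Returns the accepted size (20), or -1 if rejected. */
long check_good(void)
{
    unsigned char good[HDR_LEN + 12] = {3, 0, 0, 0, 4, 0, 0, 0};
    size_t n = 0;
    return parse_table(good, sizeof good, &n) == 0 ? (long)n : -1L;
}

/* Constructed hostile header: 0x40000000 entries of 8 bytes with no body.
 * Returns parse_table's result, which must be -1. */
int check_bad(void)
{
    unsigned char bad[HDR_LEN] = {0, 0, 0, 0x40, 8, 0, 0, 0};
    size_t n = 0;
    return parse_table(bad, sizeof bad, &n);
}

int main(void)
{
    printf("benign header : size %ld\n", check_good());
    printf("hostile header: %s\n", check_bad() == 0 ? "accepted" : "rejected");
    printf("naive 32-bit size for hostile header: %u\n",
           naive_table_bytes32(0x40000000u, 8));
    return 0;
}
```

The file-length check matters on 64-bit hosts, where the constructed count times entry size does not wrap a 64-bit size_t at all; without it the parser would go on to read far past the end of the file, which is the same end result the wrap produces on 32-bit.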