
Bug 236525 (CVE-2008-3791)

Summary: media-gfx/gpicview Insecure tempfile and shell metadata in filename (CVE-2008-3791, CVE-2008-3904)
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: graphics+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://thread.gmane.org/gmane.comp.security.oss.general/845
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-03 00:06:18 UTC
http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869

Possible symlink attack via the temporarily created "/tmp/rot.jpg"
file used for image rotation.

Furthermore, Nico Golde reported that shell code could be executed via crafted filenames:
http://thread.gmane.org/gmane.comp.security.oss.general/845/focus=872

A patch can be found at the Debian bug (not reviewed yet):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968

Comment 1 Markus Meier gentoo-dev 2008-09-12 21:01:13 UTC
*gpicview-0.1.10 (12 Sep 2008)

  12 Sep 2008; Markus Meier <maekke@gentoo.org> -gpicview-0.1.8.ebuild,
  -gpicview-0.1.9.ebuild, +gpicview-0.1.10.ebuild:
  bump to 0.1.10, remove old ebuilds, security bug #236525

this should fix the mentioned security bugs (I checked /tmp/rot.jpg bug)

Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-13 17:56:53 UTC
confirmed, thanks for bumping. Closing [noglsa].
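
The report's first issue is a temporary file created under a fixed, predictable name ("/tmp/rot.jpg"). The C code below is an added example, not gpicview's code or the patch linked from the report: it shows the two usual hardened forms, `mkstemp()` and an exclusive create, and checks them against a symlink planted in a constructed scratch directory. The function names, the `rot-XXXXXX` template and the scratch directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened replacement for a fixed "/tmp/rot.jpg": mkstemp() chooses an
 * unpredictable name and creates it with O_CREAT|O_EXCL and mode 0600. */
int open_rotation_tmp(const char *dir, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/rot-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;                      /* template did not fit */
    return mkstemp(path);
}

/* If a fixed name must be kept, O_EXCL makes open() fail (EEXIST) when
 * anything, a symlink included, already sits at that path. */
int open_fixed_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private scratch directory: a symlink named
 * rot.jpg points at a 4-byte "victim" file. Returns 0 when the exclusive
 * open is refused, the victim is unchanged, and mkstemp() yields a
 * regular file with no group/other permission bits. */
int tempfile_selfcheck(void)
{
    char dir[] = "/tmp/rotdemo-XXXXXX";
    char victim[64], fixed[64], tmp[64];
    struct stat vs, ts;
    int ok = 0;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/rot.jpg", dir);
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v >= 0 && write(v, "keep", 4) == 4 && symlink(victim, fixed) == 0) {
        int fd = open_fixed_exclusive(fixed);   /* must be refused */
        int t = open_rotation_tmp(dir, tmp, sizeof tmp);
        ok = fd < 0 && t >= 0 && stat(victim, &vs) == 0 && vs.st_size == 4
             && fstat(t, &ts) == 0 && S_ISREG(ts.st_mode)
             && (ts.st_mode & 077) == 0;
        if (fd >= 0) close(fd);
        if (t >= 0) { close(t); unlink(tmp); }
    }
    if (v >= 0) close(v);
    unlink(fixed); unlink(victim); rmdir(dir);
    return ok ? 0 : -1;
}
```

The example covers only the temporary-file issue; the filename issue in the report is a separate problem that this code does not address.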