Summary: | <media-libs/libwmf-0.2.8.4-r3 Use-after-free in embedded GD (CVE-2009-1364) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | loki_val, maintainer-needed | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://launchpad.net/bugs/cve/2009-1364 | ||||||
Whiteboard: | B2 [glsa] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Alex Legler (RETIRED)
![]() ![]() ![]() Created attachment 190066 [details, diff]
CVE-2009-1364.patch
That GD copy should be removed.
If that should take too long, I'm adding the patch found in Debian's bugtracker.
Since perusal of the sources indicate that use of the internal gd seems to offer little benefit, I just dropped the gd use-flag, since libwmf seems unmaintained and maintaining an internal copy in this package is unattractive. Gd is no longer built. +*libwmf-0.2.8.4-r3 (10 May 2009) + + 10 May 2009; Peter Alfredsen <loki_val@gentoo.org> + +libwmf-0.2.8.4-r3.ebuild, +files/libwmf-0.2.8.4-pngfix.patch: + Drop use of internal gd w.r.t. bug 268161. Add fix for bug 269324, include + order bug, possibly triggered by gcc-4.4.0. + Arches, please test and mark stable: =media-libs/libwmf-0.2.8.4-r3 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86" x86 stable Stable for HPPA. Sparc stable. alpha/arm/ia64/s390/sh stable amd64 stable ppc64 done ppc done GLSA request filed. (In reply to comment #2) > Since perusal of the sources indicate that use of the internal gd seems to > offer little benefit, I just dropped the gd use-flag, since libwmf seems > unmaintained and maintaining an internal copy in this package is unattractive. > Gd is no longer built. Does this mean that libwmf does not have any gd support at all now, not even with the system gd, or does it build against the system gd? The situation is currently unclear to me and the GLSA draft says "All libwmf users should upgrade to the latest version, which now builds against a current version from portage". Is this correct? It does not build the internal copy and does not link against the system copy: $ diff -u libwmf-0.2.8.4-r2.ebuild libwmf-0.2.8.4-r3.ebuild --- libwmf-0.2.8.4-r2.ebuild 2009-03-06 06:18:15.000000000 +0100 +++ libwmf-0.2.8.4-r3.ebuild 2009-05-25 21:05:12.000000000 +0200 ... -IUSE="X expat xml debug doc gtk gd" +IUSE="X expat xml debug doc gtk" RDEPEND="virtual/ghostscript xml? ( !expat? ( dev-libs/libxml2 ) ) expat? ( dev-libs/expat ) - gd? ( media-libs/gd ) >=media-libs/freetype-2.0.1 sys-libs/zlib media-libs/libpng ... @@ -65,10 +65,13 @@ myconf="${myconf} $(use_with expat) $(use_with xml libxml2)" fi + # NOTE: The gd that is included is gd-2.0.0. Even with --with-sys-gd, that gd is built + # and included in libwmf. Since nothing in-tree seems to use media-libs/libwmf[gd], + # we're explicitly disabling gd use w.r.t. bug 268161 econf \ $(use_enable debug) \ $(use_with X x) \ - $(use_enable gd) \ + --disable-gd \ --with-sys-gd \ ${myconf} \ --with-gsfontdir=/usr/share/ghostscript/fonts \ $ ./configure --help | grep gd --disable-gd don't build GD, don't look for it, don't require it --with-sys-gd=DIR use system GD in DIR (if compatible) $ ldd /var/tmp/portage/media-libs/libwmf-0.2.8.4-r3/image/usr/lib64/libwmf.so linux-vdso.so.1 => (0x00007fff4bbfe000) libwmflite-0.2.so.7 => /usr/lib/libwmflite-0.2.so.7 (0x00007f724364a000) libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f72433b1000) libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f72430a2000) libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00007f7242d43000) libpng12.so.0 => /usr/lib/libpng12.so.0 (0x00007f7242b1c000) libz.so.1 => /lib/libz.so.1 (0x00007f7242905000) libm.so.6 => /lib/libm.so.6 (0x00007f7242681000) libc.so.6 => /lib/libc.so.6 (0x00007f7242310000) libxcb-xlib.so.0 => /usr/lib/libxcb-xlib.so.0 (0x00007f724210c000) libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f7241eee000) libdl.so.2 => /lib/libdl.so.2 (0x00007f7241cea000) /lib64/ld-linux-x86-64.so.2 (0x00007f7243aba000) libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f7241ae6000) libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f72418e0000) GLSA 200907-01 |