| Field | Value |
|---|---|
| Summary | <dev-qt/qtgui-4.8.5-r4: DoS vulnerability in the BMP image handler (CVE-2015-0295) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Agostino Sarubbo <ago> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | qt, Yanestra |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://lists.qt-project.org/pipermail/announce/2015-February/000059.html |
| Whiteboard | B3 [noglsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | |
| Bug Blocks | 543326 |

Description
Agostino Sarubbo
2015-03-03 08:37:28 UTC
So let me understand... every crash is a security vulnerability now? A division-by-zero is not exploitable by itself afaik.

(In reply to Davide Pesavento from comment #1)
> So let me understand... every crash is a security vulnerability now? A
> division-by-zero is not exploitable by itself afaik.

It is if it is not caught and as such crashes: resulting in Denial of Service.

So every externally triggerable crash is a DoS?

(In reply to Davide Pesavento from comment #3)
> So every externally triggerable crash is a DoS?

Basically yes, although it would in some circumstances depend on the security properties stated by the upstream. I haven't looked into this bug too closely but I imagine it is caused due to a CWE-20: Improper Input Validation.

In overlay.
https://gitweb.gentoo.org/proj/qt.git/commit/?id=04813ef4c2153cb4e91af61b48561f15909527c8

4.8.{5,6} need patching too -> git fetch https://codereview.qt-project.org/qt/qt refs/changes/08/107108/4 && git format-patch -1 --stdout FETCH_HEAD

You can revbump both in tree and stabilize 4.8.5-r4

Thanks, fixed in CVS.

+ 17 Mar 2015; Michael Palimaka <kensington@gentoo.org>
+ +files/qtgui-5.4.1-CVE-2015-0295.patch, +qtgui-5.4.1-r1.ebuild,
+ -qtgui-5.4.1.ebuild:
+ Backport patch from upstream to solve CVE-2015-0295 wrt bug #541972.

Thanks Davide, 4.8 done too.

+ 17 Mar 2015; Michael Palimaka <kensington@gentoo.org>
+ +files/qtgui-4.8.5-CVE-2015-0295.patch, +qtgui-4.8.5-r4.ebuild,
+ +qtgui-4.8.6-r2.ebuild, -qtgui-4.8.6-r1.ebuild:
+ Backport patch from upstream to solve CVE-2015-0295 wrt bug #541972.

Arch teams, please test and stabilise dev-qt/qtgui-4.8.5-r4. Target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86".

amd64 stable

x86 done.

Stable for HPPA.

ia64 stable

ppc stable

ppc64 stable

arm stable

CVE-2015-0295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0295): The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.

sparc stable

alpha stable. Maintainer(s), please cleanup. Security, please vote.

+ 30 Mar 2015; Michael Palimaka <kensington@gentoo.org> -qtgui-4.8.5-r3.ebuild:
+ Remove old.

Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes

GLSA Vote: No

GLSA vote: no. Closing as [noglsa]
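
The CVE text in this thread attributes the crash to the calculation of the colour-component masks. As an added example (not Qt's code and not taken from this bug report), the C sketch below validates a channel mask from a BMP header before dividing by a value derived from it. The struct and function names are hypothetical, the shift/scale scheme is an assumed decoder design, and rejecting fields wider than 8 bits is a simplification of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Extraction parameters for one colour channel (hypothetical names). */
struct channel {
    uint32_t mask;
    unsigned shift;  /* index of the lowest set bit of the mask */
    unsigned scale;  /* multiplier mapping the field onto 0..255 */
};

/* Derive shift and scale from a mask read from the file header.
 * Returns false instead of dividing when the mask is unusable. */
bool channel_from_mask(uint32_t mask, struct channel *out)
{
    if (mask == 0)                    /* no set bit: the shift search would never end */
        return false;
    unsigned shift = 0;
    while (!((mask >> shift) & 1u))
        shift++;
    uint32_t field = mask >> shift;   /* mask moved down to bit 0 */
    uint32_t levels = field + 1;      /* wraps to 0 when field is all ones */
    if (levels == 0)                  /* would be a division by zero below */
        return false;
    if ((field & levels) != 0)        /* set bits are not contiguous */
        return false;
    if (levels > 256)                 /* wider than 8 bits: unsupported in this sketch */
        return false;
    out->mask = mask;
    out->shift = shift;
    out->scale = 256 / levels;
    return true;
}

/* Pull one component out of a pixel using validated parameters. */
unsigned channel_extract(const struct channel *c, uint32_t pixel)
{
    return ((pixel & c->mask) >> c->shift) * c->scale;
}

int main(void)
{
    /* Constructed sample masks: RGB555 red, all ones, zero, non-contiguous. */
    const uint32_t masks[] = { 0x7C00u, 0xFFFFFFFFu, 0u, 0xF0F0u };
    struct channel c;
    for (unsigned i = 0; i < 4; i++)
        printf("mask 0x%08X -> %s\n", (unsigned)masks[i],
               channel_from_mask(masks[i], &c) ? "accepted" : "rejected");
    return 0;
}
```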