
Bug 940777 (CVE-2024-36474, CVE-2024-42415, TALOS-2024-2068, TALOS-2024-2069)

Summary: <gnome-extra/libgsf-1.14.53: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+ cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 946484, 945126    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-05 06:50:19 UTC
* CVE-2024-42415 (https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069)

An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

* CVE-2024-36474 (https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-05 06:50:43 UTC
Please bump to 1.14.53.
Comment 2 Larry the Git Cow gentoo-dev 2024-11-08 20:19:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30036425b4ebd5b21a22b5e85e15d3859f73bdd1

commit 30036425b4ebd5b21a22b5e85e15d3859f73bdd1
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2024-11-08 20:17:39 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2024-11-08 20:18:39 +0000

    gnome-extra/libgsf: add 1.14.53
    
    Bug: https://bugs.gentoo.org/940777
    Bug: https://bugs.gentoo.org/923132
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 gnome-extra/libgsf/Manifest              |  1 +
 gnome-extra/libgsf/libgsf-1.14.53.ebuild | 47 ++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2025-01-23 06:25:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1f5fa6179b095ca874fd9b27edaae949706a247e

commit 1f5fa6179b095ca874fd9b27edaae949706a247e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2025-01-23 06:25:02 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2025-01-23 06:25:14 +0000

    [ GLSA 202501-07 ] libgsf: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/940777
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202501-07.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2025-01-25 15:27:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a18d26097caefed52126fbd7086202d20d53bb9

commit 3a18d26097caefed52126fbd7086202d20d53bb9
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2025-01-25 15:25:41 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2025-01-25 15:26:56 +0000

    gnome-extra/libgsf: drop 1.14.52
    
    Bug: https://bugs.gentoo.org/940777
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 gnome-extra/libgsf/Manifest              |  1 -
 gnome-extra/libgsf/libgsf-1.14.52.ebuild | 47 --------------------------------
 2 files changed, 48 deletions(-)