Bug 153800 - app-text/wv <=1.2.2 two integer overflows
Summary: app-text/wv <=1.2.2 two integer overflows
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B2 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-02 04:17 UTC by Matt Drew (RETIRED)
Modified: 2006-12-07 03:18 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Matt Drew (RETIRED) gentoo-dev 2006-11-02 04:17:49 UTC
Original credit to infamous41md (via idefense).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513

second vulnerability:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=434

Both involve unchecked input from a file being multiplied, the first by a constant and the second by another unchecked user-input value.  Exploitation would require enticing a user to open a malicious document, and would gain the rights of the user running wv.

The solution is to upgrade to 1.2.3, although it looks like some folks are patching 1.2.1 (Ubuntu's sec notice on 2 Nov 2006).
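The overflow class described in the report, as an added illustration that is not wv's code: a count and an entry size read from the untrusted file (or a constant entry size) are multiplied to produce an allocation size. The vulnerable form lets the product wrap; the hardened form rejects the pair before allocating. The function names and the 32-bit field widths are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record layout, not wv's: a record count and a per-entry
 * size both come from the untrusted file (the report's second case), or
 * the entry size is a compile-time constant (the first case). Either way
 * the product is used as an allocation size. 32-bit widths are assumed. */

/* Vulnerable pattern: the 32-bit multiply silently wraps, so for example
 * 0x10000 * 0x10000 yields 0 and a far-too-small buffer is allocated,
 * while the code that later fills it still trusts the original count. */
static uint32_t unchecked_size(uint32_t count, uint32_t entry_size)
{
    return count * entry_size;
}

/* Hardened pattern: verify the product fits in the 32-bit width before
 * any allocation. Returns -1 on overflow, otherwise the byte count. */
static int64_t checked_size(uint32_t count, uint32_t entry_size)
{
    if (count == 0 || entry_size == 0)
        return 0;
    if (count > UINT32_MAX / entry_size)   /* product would wrap */
        return -1;
    return (int64_t)count * entry_size;
}

/* Allocation helper that treats an overflowing size as a malformed
 * document instead of handing a wrapped value to malloc(). */
void *alloc_records(uint32_t count, uint32_t entry_size)
{
    int64_t bytes = checked_size(count, entry_size);
    if (bytes < 0)
        return NULL;   /* reject the document rather than under-allocate */
    return malloc((size_t)bytes);
}
```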
Comment 1 Matt Drew (RETIRED) gentoo-dev 2006-11-02 04:55:42 UTC
cc'ing maintainer.
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-20 22:57:53 UTC
Pulling in herd for advice.
Comment 3 foser (RETIRED) gentoo-dev 2006-11-21 06:05:45 UTC
Added wv-1.2.3.

However, there is #131686, which is still an issue with wv 1.2.3. Although it seems to be an abiword problem, fixed in 2.4.6 (not in the tree yet).
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-21 06:45:34 UTC
Thx foser, any ETA on the new abiword ebuild?
Comment 5 foser (RETIRED) gentoo-dev 2006-11-21 07:56:10 UTC
I added wv-1.2.3-r1, which no longer provides (now faulty) links to older library versions, forcing a revdep-rebuild; this should at least take care of #131686. Makes this bug no longer dependent on an abiword update.
Comment 6 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-21 08:00:44 UTC
Thx foser.

Arches please test and mark stable. Target keywords are:

wv-1.2.3-r1.ebuild:KEYWORDS="x86 ppc sparc hppa alpha ia64 amd64 ppc64"
Comment 7 Brent Baude (RETIRED) gentoo-dev 2006-11-21 10:57:09 UTC
marked ppc64 stable
Comment 8 Jeroen Roovers gentoo-dev 2006-11-21 12:13:07 UTC
Stable for HPPA.
Comment 9 Christoph Mende (RETIRED) gentoo-dev 2006-11-21 12:53:41 UTC
emerges and works fine on amd64

Comment 10 Markus Meier gentoo-dev 2006-11-21 13:37:43 UTC
app-text/wv-1.2.3-r1  USE="wmf"
1. emerges on x86
2. passes collision test
3. works

Comment 11 Malcolm Lashley (RETIRED) gentoo-dev 2006-11-21 15:56:29 UTC
amd64 done.
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2006-11-22 00:19:31 UTC
We are done on x86
Comment 13 Tobias Scherbaum (RETIRED) gentoo-dev 2006-11-22 09:20:24 UTC
ppc stable
Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev 2006-11-22 09:28:00 UTC
sparc stable.
Comment 15 Bryan Østergaard (RETIRED) gentoo-dev 2006-11-24 10:19:50 UTC
Stable on Alpha + ia64.
Comment 16 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-24 11:25:36 UTC
There seems to be only one issue; at least the iDefense issue is CVE-2006-4513.

GLSA drafted, security please review.
Comment 17 Sune Kloppenborg Jeppesen gentoo-dev 2006-12-07 03:18:21 UTC
GLSA 200612-01