A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers, allowing the attacker to gain control of EIP and potentially execute arbitrary code.

Reproducible: Always
Hanno or Sebastian. Is one of the >=2.8 versions suitable to stabilize?
Not yet, still waiting.
(In reply to comment #1)
> Hanno or Sebastian. Is one of the >=2.8 versions suitable to stabilize?

Hard to say. 2.8 if any, but it hasn't been around long.

(In reply to comment #2)
> Not yet, still waiting.

Waiting for what? Please elaborate.
Hanno or Sebastian, shall we stabilize 2.8.0-r1 now? thanks.
(In reply to comment #4)
> Hanno or Sebastian, shall we stabilize 2.8.0-r1 now? thanks.

It seems to be working fine; no bugs have been reported recently or at all (ignoring #414653 and #414853 for the moment). It still feels a bit early, but I have no hard objections to it.
(In reply to comment #5)
> It still feels a bit early
> but I have no hard objections to it.

Yeah... How about this? If you see any issues between now and Friday, add them as blockers here, please. Otherwise we'll call arches on Friday.
(In reply to comment #6)
> Yeah... How about this? If you see any issues between now and Friday, add
> them as blockers here, please. Otherwise we'll call arches on Friday.

Sounds fair. A build issue just came in, adding #422497.
Created attachment 317388 [details, diff]
CVE-2012-2763.diff
Created attachment 317392 [details, diff]
CVE-2012-2763.diff

Working with upstream, we identified the code in 2.8 which fixes this buffer overflow vulnerability in the script-fu server. The attached patch fixes the issue in gimp 2.6.x.
(In reply to comment #9)
> Created attachment 317392 [details, diff]
> CVE-2012-2763.diff
>
> Working with upstream, we identified the code in 2.8 which fixes this buffer
> overflow vulnerability in the script-fu server.
>
> The attached patch fixes the issue in gimp 2.6.x.

Thanks!

+*gimp-2.6.12-r2 (08 Jul 2012)
+
+  08 Jul 2012; Sebastian Pipping <sping@gentoo.org> +gimp-2.6.12-r2.ebuild,
+  +files/gimp-2.6.12-CVE-2012-2763.patch:
+  Add backport of patch to CVE-2012-2763 by mancha

Commit mentioned in the patch: http://git.gnome.org/browse/gimp/commit/?id=76155d79df8d497d9a5994029247387e222da9e9
Great, thanks! Can we move to stabilize gimp-2.6.12-r2?
(In reply to comment #11)
> Great, thanks! Can we move to stabilize gimp-2.6.12-r2?

No objections from my side.
Great, thanks. Arches, please test and mark stable:
=media-gfx/gimp-2.6.12-r2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
x86 stable
amd64 stable
Stable for HPPA.
alpha/ia64/sparc stable
CVE-2012-2763 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2763): Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
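The CVE text above describes the bug class: a tokenizer copying an incoming string into a fixed-size buffer until it meets a delimiter, with no check against the end of the buffer. The following C program is an added illustration of that reader pattern and of the bounds check that defuses it; it is not GIMP's code and not the upstream fix from the commit linked in this bug. The `reader` struct, the `inchar`/`is_one_of`/`readstr_upto_bounded` names, the delimiter set and the 32-byte `STRBUFF_SIZE` are all assumptions chosen for the demonstration; the input fragments are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* Illustrative example only; not GIMP's code and not the upstream fix.
   A TinyScheme-style tokenizer pulls characters from the input stream into
   a fixed-size token buffer until it sees a delimiter.  The risky shape is
   a loop like  while (!is_one_of(delim, (*p++ = inchar(sc))));  that never
   compares p against the end of the buffer, so a sufficiently long token
   keeps writing past it.  readstr_upto_bounded() below keeps the same
   contract but refuses to write beyond the caller's stated capacity. */

#define STRBUFF_SIZE 32   /* deliberately small so the limit is easy to hit */

/* Constructed in-memory stand-in for the script-fu socket stream. */
typedef struct {
    const char *input;
    size_t      pos;
} reader;

static int inchar(reader *r)
{
    if (r->input[r->pos] == '\0')
        return EOF;
    return (unsigned char) r->input[r->pos++];
}

static bool is_one_of(const char *delim, int c)
{
    if (c == EOF)
        return true;              /* end of input also ends the token */
    return strchr(delim, c) != NULL;
}

/* Read a token into buf (capacity cap) up to, not including, a delimiter.
   Returns the token length, or -1 if the token would not fit; in that case
   buf holds an empty string and nothing has been written beyond it. */
static int readstr_upto_bounded(reader *r, const char *delim,
                                char *buf, size_t cap)
{
    size_t n = 0;

    if (cap == 0)
        return -1;

    for (;;) {
        int c = inchar(r);
        if (is_one_of(delim, c))
            break;
        if (n + 1 >= cap) {       /* leave room for the terminator */
            buf[0] = '\0';
            return -1;
        }
        buf[n++] = (char) c;
    }
    buf[n] = '\0';
    return (int) n;
}

/* A normal symbol fits: returns the length of "gimp-quit" (9). */
static int read_short_token(char *out, size_t cap)
{
    reader r = { "gimp-quit 0)", 0 };   /* constructed Scheme fragment */
    return readstr_upto_bounded(&r, " ()", out, cap);
}

/* A 200-byte symbol does not fit in STRBUFF_SIZE: returns -1 instead of
   writing past the buffer. */
static int read_long_token(char *out, size_t cap)
{
    char long_input[201];
    reader r;

    memset(long_input, 'A', 200);   /* constructed oversized token */
    long_input[200] = '\0';
    r.input = long_input;
    r.pos = 0;
    return readstr_upto_bounded(&r, " ()", out, cap);
}

int main(void)
{
    char buf[STRBUFF_SIZE];
    int n;

    n = read_short_token(buf, sizeof buf);
    printf("short token: len=%d text=\"%s\"\n", n, buf);

    n = read_long_token(buf, sizeof buf);
    printf("long token: result=%d (rejected, buffer intact)\n", n);
    return 0;
}
```

The design point is that the capacity travels with the buffer: the caller passes `sizeof buf`, the reader compares against it before every store, and an over-long token becomes an error the protocol layer can report and drop rather than a write past the end of the allocation. The patch the thread backports addresses the same class of defect in `readstr_upto` in `plug-ins/script-fu/tinyscheme/scheme.c`; the exact change is in the linked upstream commit.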
ppc done
ppc64 stable, last arch done
Thanks, everyone. This is already on a GLSA draft, ready for review.
This issue was resolved and addressed in GLSA 201209-23 at http://security.gentoo.org/glsa/glsa-201209-23.xml by GLSA coordinator Sean Amoss (ackle).