Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 531544 (CVE-2014-9274) - <app-text/unrtf-0.21.9: out-of-bounds memory access vulnerability (CVE-2014-{9274,9275})
Summary: <app-text/unrtf-0.21.9: out-of-bounds memory access vulnerability (CVE-2014-{...
Status: RESOLVED FIXED
Alias: CVE-2014-9274
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-03 15:13 UTC by Agostino Sarubbo
Modified: 2015-07-07 07:09 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-12-03 15:13:31 UTC
From ${URL} :

Michal Zalewski reported [1] an out-of-bounds memory access vulnerability in unrtf.  Processing a 
malformed RTF file could lead to a segfault while accessing a pointer that may be under the 
attacker's control.  This would lead to a denial of service (application crash) or, potentially, 
the execution of arbitrary code.

There has been no response upstream regarding this (it seems that unrtf is no longer being 
maintained) so there is no patch available as of yet.

[1] https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Hanno Böck gentoo-dev 2014-12-10 10:06:11 UTC
Good news: upstream is not dead. They released 0.21.6 which at least fixes some issues (including the two that got CVEs). Though there are more issues with unrtf.
Comment 2 Hanno Böck gentoo-dev 2014-12-22 07:01:51 UTC
Upstream now released 0.21.8 which contains many more fixes for more issues. It seems pretty robust now. Please bump.
Comment 3 Lars Wendler (Polynomial-C) gentoo-dev 2014-12-22 14:30:43 UTC
+*unrtf-0.21.8 (22 Dec 2014)
+
+  22 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> +unrtf-0.21.8.ebuild,
+  +files/unrtf-0.21.8-automake-fix.patch,
+  +files/unrtf-0.21.8-iconv-detection.patch:
+  Security bump (bug #531544).
+
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 16:07:14 UTC
CVE-2014-9275 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9275):
  UnRTF allows remote attackers to cause a denial of service (out-of-bounds
  memory access and crash) and possibly execute arbitrary code via a crafted
  RTF file.

CVE-2014-9274 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9274):
  UnRTF allows remote attackers to cause a denial of service (crash) and
  possibly execute arbitrary code as demonstrated by a file containing the
  string "{\cb-999999999".
Comment 5 Sean Amoss gentoo-dev Security 2015-01-17 22:23:22 UTC
Maintainer(s), please add arches when ready for stabilization.
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2015-02-07 20:00:07 UTC
(In reply to Sean Amoss from comment #5)
> Maintainer(s), please add arches when ready for stabilization.

@maintainers: ping
Comment 7 Yury German Gentoo Infrastructure gentoo-dev Security 2015-03-08 19:27:03 UTC
Arches, please test and mark stable:

=app-text/unrtf-0.21.9

Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86"

Thank you!
Comment 8 Jeroen Roovers gentoo-dev 2015-03-09 11:18:57 UTC
Stable for HPPA.
Comment 9 Agostino Sarubbo gentoo-dev 2015-03-13 09:26:26 UTC
amd64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2015-03-13 09:27:22 UTC
x86 stable
Comment 11 Markus Meier gentoo-dev 2015-03-14 13:33:39 UTC
arm stable
Comment 12 Agostino Sarubbo gentoo-dev 2015-03-25 16:07:38 UTC
ia64 stable
Comment 13 Agostino Sarubbo gentoo-dev 2015-03-26 11:22:04 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2015-03-26 11:29:12 UTC
ppc64 stable
Comment 15 Agostino Sarubbo gentoo-dev 2015-03-30 09:50:48 UTC
sparc stable
Comment 16 Agostino Sarubbo gentoo-dev 2015-03-30 10:03:32 UTC
alpha stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 17 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-22 20:54:53 UTC
Maintainer(s), Thank you for you for cleanup.

New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 18 Yury German Gentoo Infrastructure gentoo-dev Security 2015-05-13 22:27:05 UTC
Maintainer(s), Thank you for you for cleanup.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2015-07-07 07:09:29 UTC
This issue was resolved and addressed in
 GLSA 201507-06 at https://security.gentoo.org/glsa/201507-06
by GLSA coordinator Mikle Kolyada (Zlogene).