Bug 772317 (CVE-2021-3410) - <media-libs/libcaca-0.99_beta19-r4: buffer overflow vulnerability (CVE-2021-3410)
Status: RESOLVED FIXED
Alias: CVE-2021-3410
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/cacalabs/libcaca/i...
Whiteboard: B2 [glsa+]
Reported: 2021-02-24 03:43 UTC by John Helmert III
Modified: 2024-02-18 10:23 UTC
Package list:
media-libs/libcaca-0.99_beta19-r4
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-24 03:43:28 UTC
CVE-2021-3410:

A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.


Looks like no fix upstream yet.
Comment 2 Andreas Sturmlechner gentoo-dev 2021-03-01 00:25:00 UTC
openSUSE applies quite a number more patches than us over that code:

https://build.opensuse.org/package/show/multimedia:libs/libcaca
Comment 3 Larry the Git Cow gentoo-dev 2021-05-22 11:39:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e49df2222085dded48b58473bc2fd6347f8352f

commit 9e49df2222085dded48b58473bc2fd6347f8352f
Author:     Andrew Savchenko <bircoph@gentoo.org>
AuthorDate: 2021-05-22 11:36:04 +0000
Commit:     Andrew Savchenko <bircoph@gentoo.org>
CommitDate: 2021-05-22 11:39:14 +0000

    media-libs/libcaca: fix multiple CVEs and docs build failure
    
    CVE fixed (using Debian patchset):
    CVE-2018-20544, CVE-2018-20545, CVE-2018-20546,
    CVE-2018-20547, CVE-2018-20549, CVE-2021-3410.
    
    Fix docs build failure (doxygen and latex issues) using both Debian
    patch and patch from bug 543870#c11.
    
    Install docs into proper path.
    
    Bug: https://bugs.gentoo.org/543870
    Bug: https://bugs.gentoo.org/772317
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>

 media-libs/libcaca/files/100_doxygen.diff          | 170 +++++++++++++++++++
 media-libs/libcaca/files/CVE-2018-20544.patch      |  45 +++++
 .../libcaca/files/CVE-2018-20545+20547+20549.patch |  34 ++++
 .../libcaca/files/CVE-2018-20546+20547.patch       |  36 ++++
 ...em-in-the-caca_resize-overflow-detection-.patch | 135 +++++++++++++++
 ...as-fix-an-integer-overflow-in-caca_resize.patch | 141 ++++++++++++++++
 media-libs/libcaca/files/fix-css-path.patch        |  12 ++
 media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild   | 182 +++++++++++++++++++++
 8 files changed, 755 insertions(+)
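
Added example, not part of this bug report, the Debian patchset, or libcaca: two of the patch titles above name an integer overflow in `caca_resize` and its overflow detection, so this sketch shows a resize that validates `width * height` before any allocation or copy. `struct demo_canvas`, `demo_cell_count` and `demo_resize` are hypothetical names, and the one-`uint32_t`-per-cell layout is an assumption.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical canvas (not libcaca's type): one char cell and one attr cell per position. */
struct demo_canvas { int width, height; uint32_t *chars, *attrs; };

/* Store width*height in *cells. Returns -1 for a negative dimension or a
 * product above INT_MAX. The check divides instead of multiplying, and is
 * skipped when height is 0 so it never divides by zero. */
static int demo_cell_count(int width, int height, int *cells)
{
    if (width < 0 || height < 0)
        return -1;
    if (height != 0 && width > INT_MAX / height)
        return -1;
    *cells = width * height;
    return 0;
}

/* Validate first, build the new buffers second, swap last: a rejected
 * request leaves the canvas exactly as it was. */
int demo_resize(struct demo_canvas *cv, int width, int height)
{
    int cells;
    if (demo_cell_count(width, height, &cells) != 0
        || (size_t)cells > SIZE_MAX / sizeof(uint32_t)) {
        errno = EOVERFLOW;
        return -1;
    }
    size_t n = cells ? (size_t)cells : 1;   /* never calloc(0, ...) */
    uint32_t *chars = calloc(n, sizeof(uint32_t));
    uint32_t *attrs = calloc(n, sizeof(uint32_t));
    if (chars == NULL || attrs == NULL) {
        free(chars); free(attrs);
        errno = ENOMEM;
        return -1;
    }
    /* Copy the overlapping top-left rectangle row by row. */
    int cw = width < cv->width ? width : cv->width;
    int ch = height < cv->height ? height : cv->height;
    for (int y = 0; y < ch; y++) {
        size_t to = (size_t)y * width, from = (size_t)y * cv->width;
        memcpy(chars + to, cv->chars + from, (size_t)cw * sizeof(uint32_t));
        memcpy(attrs + to, cv->attrs + from, (size_t)cw * sizeof(uint32_t));
    }
    free(cv->chars); free(cv->attrs);
    cv->chars = chars; cv->attrs = attrs;
    cv->width = width; cv->height = height;
    return 0;
}
```

With a 32-bit `int`, an unchecked `65536 * 65536` wraps to 0, so the buffers would be sized for an empty canvas while the stored dimensions claim far more cells.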
Comment 4 Andrew Savchenko gentoo-dev 2021-05-22 11:42:33 UTC
Security team, please note that multiple CVEs are present prior to -r4.

Also, while I helped with the current problem, I'm not a maintainer of this package, so proceed with stabilization on your own or with the @media-video team.
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-25 02:48:25 UTC
Thanks!
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-25 16:54:43 UTC
ppc64 done
Comment 7 Agostino Sarubbo gentoo-dev 2021-05-25 18:58:21 UTC
amd64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2021-05-25 19:10:34 UTC
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-27 19:22:26 UTC
ppc done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-28 00:28:45 UTC
arm done
Comment 11 Rolf Eike Beer archtester 2021-05-28 15:46:11 UTC
sparc done
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-03 22:52:01 UTC
arm64 done

all arches done
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-04 02:12:12 UTC
Please clean up.
Comment 15 Larry the Git Cow gentoo-dev 2021-06-18 14:56:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a17a038ba653cf52039460cf79adca71ef4a2326

commit a17a038ba653cf52039460cf79adca71ef4a2326
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-06-18 14:55:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-18 14:56:11 +0000

    media-libs/libcaca: drop 0.99_beta19-r5, 0.99_beta19-r6
    
    Bug: https://bugs.gentoo.org/772317
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/libcaca/libcaca-0.99_beta19-r5.ebuild | 151 --------------------
 media-libs/libcaca/libcaca-0.99_beta19-r6.ebuild | 173 -----------------------
 2 files changed, 324 deletions(-)
Comment 16 NATTkA bot gentoo-dev 2021-06-18 15:12:29 UTC
Unable to check for sanity:

> no match for package: media-libs/libcaca-0.99_beta19-r4
Comment 17 Larry the Git Cow gentoo-dev 2024-02-18 10:22:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=93b7e0381c6c02b0f3ba93252ac9f9b72c94107a

commit 93b7e0381c6c02b0f3ba93252ac9f9b72c94107a
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-18 10:22:11 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-18 10:22:34 +0000

    [ GLSA 202402-19 ] libcaca: Arbitrary Code Execution
    
    Bug: https://bugs.gentoo.org/772317
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-19.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)