[Security] devil - Fix buffer overflows

Bug #603689 reported by Brian Thomason on 2010-07-09
This bug affects 1 person
Affects          Importance  Assigned to
devil (Ubuntu)   Undecided   Brian Thomason
Hardy            Medium      Unassigned
Jaunty           Medium      Unassigned
Karmic           Medium      Unassigned

Bug Description

Fix buffer overflows in the iGetHdrHeader() function that allow arbitrary code execution via a crafted Radiance RGBE file

CVE References

Changed in devil (Ubuntu):
status: New → In Progress
assignee: nobody → Brian Thomason (brian-thomason)
Brian Thomason (brian-thomason) wrote :

Forgot to run update-maintainer

Changed in devil (Ubuntu):
status: In Progress → New
Marc Deslauriers (mdeslaur) wrote :

Devil on hardy, jaunty and karmic is also vulnerable to CVE-2009-3994. Could you please update the debdiff with a fix for that CVE also, and then re-subscribe ubuntu-security-sponsors?

Thanks.

visibility: private → public
summary: - [Security] devil - Fix buffer overflows - CVE-2008-5262
+ [Security] devil - Fix buffer overflows
Changed in devil (Ubuntu Hardy):
status: New → Confirmed
Changed in devil (Ubuntu Karmic):
status: New → Confirmed
Changed in devil (Ubuntu Jaunty):
status: New → Confirmed
Changed in devil (Ubuntu Hardy):
importance: Undecided → Medium
Changed in devil (Ubuntu Karmic):
importance: Undecided → Medium
Changed in devil (Ubuntu Jaunty):
importance: Undecided → Medium
Brian Thomason (brian-thomason) wrote :

Hi Marc,

It appears that 1.6.x does not actually contain this vulnerability as the affected file doesn't even exist in that codebase. It appears that functionality was introduced in 1.7.x.

Marc Deslauriers (mdeslaur) wrote :

Oh, sorry about that. ACK to the debdiff. Packages for hardy are building now and will be released soon.

Thanks!

Changed in devil (Ubuntu Hardy):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package devil - 1.6.7-5.1ubuntu0.1

---------------
devil (1.6.7-5.1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Fix buffer overflows (LP: #603689)
  - modified src-IL/src/il_hdr.c: Fix buffer overflows in the iGetHdrHeader()
    function that allow arbitrary code execution via a crafted Radiance RGBE
    file.
    Patch provided by Debian in Etch. (DSA-1717-1, DTSA-184-1)
  - CVE-2008-5262
 -- Brian Thomason <email address hidden> Fri, 09 Jul 2010 13:32:14 -0400

Changed in devil (Ubuntu Hardy):
status: Fix Committed → Fix Released
Changed in devil (Ubuntu Jaunty):
status: Confirmed → Invalid
tags: added: patch
Changed in devil (Ubuntu Karmic):
status: Confirmed → New
Changed in devil (Ubuntu Karmic):
status: New → Confirmed
Kees Cook (kees) wrote :

Jaunty seems vulnerable to this issue. I don't understand the comments above regarding hardy. It was uploaded, so it was vulnerable, yes? And the patch labeled "Karmic patch" is for hardy again? It looks like Karmic was fixed upstream.

Changed in devil (Ubuntu Jaunty):
status: Invalid → Confirmed
Changed in devil (Ubuntu Karmic):
status: Confirmed → Invalid
Changed in devil (Ubuntu):
status: New → Invalid
Kees Cook (kees) wrote :

Oh, NM, jaunty is fine. It was fixed already by Debian.

Changed in devil (Ubuntu Jaunty):
status: Confirmed → Invalid

I have no clue why I posted that "karmic" patch... (it was just the hardy patch that has already gone through) I have removed it so as to not confuse anyone else.

Correct, Jaunty and Karmic are fine.

This report contains Public Security information
Everyone can see this security related information.