[Security] devil - Fix buffer overflows

Bug #603689 reported by Brian Thomason
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| devil (Ubuntu) | Invalid | Undecided | Brian Thomason | |
| Hardy | Fix Released | Medium | Unassigned | |
| Jaunty | Invalid | Medium | Unassigned | |
| Karmic | Invalid | Medium | Unassigned | |

Bug Description

Fix buffer overflows in the iGetHdrHeader() function that allow arbitrary code execution via a crafted Radiance RGBE file

Tags: patch

CVE References

Changed in devil (Ubuntu):
status: New → In Progress
assignee: nobody → Brian Thomason (brian-thomason)
Brian Thomason (brian-thomason) wrote :

Forgot to run update-maintainer

Changed in devil (Ubuntu):
status: In Progress → New
Marc Deslauriers (mdeslaur) wrote :

Devil on hardy, jaunty and karmic is also vulnerable to CVE-2009-3994. Could you please update the debdiff with a fix for that CVE also, and then re-subscribe ubuntu-security-sponsors?

Thanks.

visibility: private → public
summary: - [Security] devil - Fix buffer overflows - CVE-2008-5262
+ [Security] devil - Fix buffer overflows
Changed in devil (Ubuntu Hardy):
status: New → Confirmed
Changed in devil (Ubuntu Karmic):
status: New → Confirmed
Changed in devil (Ubuntu Jaunty):
status: New → Confirmed
Changed in devil (Ubuntu Hardy):
importance: Undecided → Medium
Changed in devil (Ubuntu Karmic):
importance: Undecided → Medium
Changed in devil (Ubuntu Jaunty):
importance: Undecided → Medium
Brian Thomason (brian-thomason) wrote :

Hi Marc,

It appears that 1.6.x does not actually contain this vulnerability as the affected file doesn't even exist in that codebase. It appears that functionality was introduced in 1.7.x.

Marc Deslauriers (mdeslaur) wrote :

Oh, sorry about that. ACK to the debdiff. Packages for hardy are building now and will be released soon.

Thanks!

Changed in devil (Ubuntu Hardy):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package devil - 1.6.7-5.1ubuntu0.1

---------------
devil (1.6.7-5.1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Fix buffer overflows (LP: #603689)
  - modified src-IL/src/il_hd .c: Fix buffer overflows in the iGetHdrHeader()
    function that allow arbitrary code execution via a crafted Radiance RGBE
    file.
    Patch provided by Debian in Etch. (DSA-1717-1, DTSA-184-1)
  - CVE-2008-5262
 -- Brian Thomason <email address hidden> Fri, 09 Jul 2010 13:32:14 -0400

Changed in devil (Ubuntu Hardy):
status: Fix Committed → Fix Released
Changed in devil (Ubuntu Jaunty):
status: Confirmed → Invalid
tags: added: patch
Changed in devil (Ubuntu Karmic):
status: Confirmed → New
Changed in devil (Ubuntu Karmic):
status: New → Confirmed
Kees Cook (kees) wrote :

Jaunty seems vulnerable to this issue. I don't understand the comments above regarding hardy. It was uploaded, so it was vulnerable, yes? And the patch labeled "Karmic patch" is for hardy again? It looks like Karmic was fixed upstream.

Changed in devil (Ubuntu Jaunty):
status: Invalid → Confirmed
Changed in devil (Ubuntu Karmic):
status: Confirmed → Invalid
Changed in devil (Ubuntu):
status: New → Invalid
Kees Cook (kees) wrote :

Oh, NM, jaunty is fine. It was fixed already by Debian.

Changed in devil (Ubuntu Jaunty):
status: Confirmed → Invalid
Brian Thomason (brian-thomason) wrote :

I have no clue why I posted that "karmic" patch... (it was just the hardy patch that has already gone through) I have removed it so as to not confuse anyone else.

Correct, Jaunty and Karmic are fine.
