2021-11-08 19:33:45 |
Robert Löhning |
bug |
|
|
added bug |
2021-11-08 19:33:45 |
Robert Löhning |
attachment added |
|
Input file which triggers the issue https://bugs.launchpad.net/bugs/1950193/+attachment/5538910/+files/input.svg |
|
2021-11-08 19:34:34 |
Robert Löhning |
attachment added |
|
Project file for test program https://bugs.launchpad.net/ubuntu/+source/qtsvg-opensource-src/+bug/1950193/+attachment/5538913/+files/test-2021-38593.pro |
|
2021-11-08 19:37:09 |
Robert Löhning |
attachment added |
|
Source file for test program https://bugs.launchpad.net/ubuntu/+source/qtsvg-opensource-src/+bug/1950193/+attachment/5538914/+files/main.cpp |
|
2021-11-08 19:37:38 |
Robert Löhning |
cve linked |
|
2021-38593 |
|
2021-11-23 12:58:19 |
Marc Deslauriers |
tags |
amd64 apport-bug focal |
amd64 apport-bug community-security focal |
|
2021-11-23 12:58:30 |
Marc Deslauriers |
information type |
Private Security |
Public Security |
|
2021-11-23 12:58:31 |
Marc Deslauriers |
bug |
|
|
added subscriber Ubuntu Bugs |
2021-11-23 12:58:50 |
Marc Deslauriers |
qtsvg-opensource-src (Ubuntu): status |
New |
Confirmed |
|
2021-11-27 18:10:26 |
Dmitry Shachnev |
affects |
qtsvg-opensource-src (Ubuntu) |
qtbase-opensource-src (Ubuntu) |
|
2021-11-27 18:10:26 |
Dmitry Shachnev |
qtbase-opensource-src (Ubuntu): status |
Confirmed |
In Progress |
|
2021-11-27 18:10:26 |
Dmitry Shachnev |
qtbase-opensource-src (Ubuntu): assignee |
|
Dmitry Shachnev (mitya57) |
|
2021-11-30 19:27:06 |
Launchpad Janitor |
qtbase-opensource-src (Ubuntu): status |
In Progress |
Fix Released |
|
2021-12-07 11:37:09 |
Dmitry Shachnev |
nominated for series |
|
Ubuntu Focal |
|
2021-12-07 11:37:09 |
Dmitry Shachnev |
bug task added |
|
qtbase-opensource-src (Ubuntu Focal) |
|
2021-12-12 12:32:03 |
Dmitry Shachnev |
description |
libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593
Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942
The original issue has been public since July 29th. If I'm allowed to upload further files, I'll send a simple test program.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libqt5svg5 5.12.8-0ubuntu1
ProcVersionSignature: Ubuntu 5.14.0-1005.5-oem 5.14.9
Uname: Linux 5.14.0-1005-oem x86_64
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: GNOME
Date: Mon Nov 8 20:24:34 2021
InstallationDate: Installed on 2012-07-06 (3411 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: qtsvg-opensource-src
UpgradeStatus: Upgraded to focal on 2020-10-03 (400 days ago) |
[Impact]
libqt5svg5 5.12.8-0ubuntu1 in Ubuntu 20.04 is affected by CVE-2021-38593:
https://nvd.nist.gov/vuln/detail/CVE-2021-38593
Trying to open the attached svg file will block one core at 100% and occupy much memory. Depending on the configuration, it might even run out of memory and crash. This is fixed upstream by:
https://codereview.qt-project.org/c/qt/qtbase/+/377942
The original issue has been public since July 29th.
[Test Plan]
1. Install libqt5svg5-dev, qtbase5-dev and their dependencies.
2. Build the attached project with the system's version of Qt:
/usr/lib/qt5/bin/qmake test-2021-38593.pro && make
3. Start the resulting binary and pass the path to the included input file as first parameter:
./test-2021-38593 ./input.svg
The binary should return immediately and without error messages. If it doesn't, you might be affected.
[Where problems could occur]
The fix tries to skip drawing dashes that would be invisible anyway. So a potential problem may be that it skips too much. In fact, this has already happened, and upstream had to adjust the fix.
[Other Info]
The patch is a combination of the following upstream commits:
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=7f345f2a1c8d9f60
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=9378ba2ae857df7e
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=81998f50d039a631
- https://code.qt.io/cgit/qt/qtbase.git/commit/?id=cca8ed0547405b1c |
|
2021-12-14 17:26:04 |
Brian Murray |
bug |
|
|
added subscriber Brian Murray |
2021-12-14 19:41:38 |
Dmitry Shachnev |
nominated for series |
|
Ubuntu Impish |
|
2021-12-14 19:41:38 |
Dmitry Shachnev |
bug task added |
|
qtbase-opensource-src (Ubuntu Impish) |
|
2021-12-14 20:05:55 |
Brian Murray |
qtbase-opensource-src (Ubuntu Impish): status |
New |
Fix Committed |
|
2021-12-14 20:05:57 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-12-14 20:05:58 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2021-12-14 20:06:02 |
Brian Murray |
tags |
amd64 apport-bug community-security focal |
amd64 apport-bug community-security focal verification-needed verification-needed-impish |
|
2021-12-14 20:08:28 |
Brian Murray |
qtbase-opensource-src (Ubuntu Focal): status |
New |
Fix Committed |
|
2021-12-14 20:08:35 |
Brian Murray |
tags |
amd64 apport-bug community-security focal verification-needed verification-needed-impish |
amd64 apport-bug community-security focal verification-needed verification-needed-focal verification-needed-impish |
|
2021-12-17 20:43:45 |
Robert Löhning |
tags |
amd64 apport-bug community-security focal verification-needed verification-needed-focal verification-needed-impish |
amd64 apport-bug community-security focal verification-done-focal verification-needed verification-needed-impish |
|
2021-12-19 18:02:32 |
Dmitry Shachnev |
tags |
amd64 apport-bug community-security focal verification-done-focal verification-needed verification-needed-impish |
amd64 apport-bug community-security focal verification-done verification-done-focal verification-done-impish |
|
2022-01-05 19:14:04 |
Dmitry Shachnev |
tags |
amd64 apport-bug community-security focal verification-done verification-done-focal verification-done-impish |
amd64 apport-bug block-proposed-focal block-proposed-impish community-security focal verification-done verification-done-focal verification-done-impish |
|
2022-01-06 17:19:51 |
Brian Murray |
qtbase-opensource-src (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-01-06 17:19:58 |
Brian Murray |
qtbase-opensource-src (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2022-01-06 17:20:03 |
Brian Murray |
removed subscriber SRU Verification |
|
|
|
2022-01-06 17:20:07 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-01-06 17:20:21 |
Brian Murray |
tags |
amd64 apport-bug block-proposed-focal block-proposed-impish community-security focal verification-done verification-done-focal verification-done-impish |
amd64 apport-bug community-security focal verification-done verification-done-focal verification-done-impish |
|