Bug 134246 - [patch] [vuxml] graphics/libwmf: document and fix two remote code execution vulnerabilities
Summary: [patch] [vuxml] graphics/libwmf: document and fix two remote code execution v...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-05 22:10 UTC by Eygene Ryabinkin
Modified: 2009-05-16 23:40 UTC (History)
0 users

See Also:


Attachments
libwmf.diff (2.60 KB, patch)
2009-05-05 22:10 UTC, Eygene Ryabinkin
no flags Details | Diff
vuln-2.xml (1.58 KB, text/plain)
2009-05-05 22:10 UTC, Eygene Ryabinkin
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Eygene Ryabinkin 2009-05-05 22:10:03 UTC
Two vulnerabilities (at least) are present in the current FreeBSD's
port graphics/libwmf: [1], [2].

Fix: The following patch fixes both vulnerabilites in the FreeBSD port:

The following VuXML entries should be evaluated and added:
  <vuln vid="8dba4ad9-39b3-11de-a493-001b77d09812">
    <topic>libwmf -- Denial of Service and possible remote code execution</topic>
    <affects>
      <package>
        <name>libwmf</name>
        <range><lt>0.2.8.4_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
        <blockquote
          cite="http://www.securityfocus.com/bid/34792/discuss">
          <p>The 'libwmf' library is prone to a buffer-overflow
          vulnerability because the vector graphics linked library
          improperly allocates memory when parsing WMF image files.</p>
          <p>Successfully exploiting this issue would allow an attacker
          to corrupt memory and execute arbitrary code in the context of
          the currently logged-in user.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename></cvename>
      <bid>34792</bid>
      <url>http://secunia.com/advisories/34901/</url>
    </references>
    <dates>
      <discovery>2009-05-05</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln-1.xml ends here ---
How-To-Repeat: 
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3376
Comment 1 Edwin Groothuis freebsd_committer 2009-05-05 22:10:20 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

miwi@ wants his PRs (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2009-05-16 20:59:58 UTC
miwi        2009-05-16 19:59:44 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document libwmf -- Integer Overflow Vulnerability
  
  PR:             based on 134246
  
  Revision  Changes    Path
  1.1940    +35 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer 2009-05-16 21:09:09 UTC
miwi        2009-05-16 20:09:00 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document libwmf -- embedded GD library Use-After-Free vulnerability
  
  PR:             based on 134246
  
  Revision  Changes    Path
  1.1941    +36 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer 2009-05-16 23:33:32 UTC
miwi        2009-05-16 22:33:17 UTC

  FreeBSD ports repository

  Modified files:
    graphics/libwmf      Makefile 
  Added files:
    graphics/libwmf/files patch-cve-2006-3376 patch-cve-2009-1364 
  Log:
  - Fix two remote code execution
  
  PR:             134246
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Security:       http://www.vuxml.org/freebsd/6a245f31-4254-11de-b67a-0030843d3802.html
                  http://www.vuxml.org/freebsd/48aab1d0-4252-11de-b67a-0030843d3802.html
  
  Revision  Changes    Path
  1.44      +1 -1      ports/graphics/libwmf/Makefile
  1.1       +27 -0     ports/graphics/libwmf/files/patch-cve-2006-3376 (new)
  1.1       +10 -0     ports/graphics/libwmf/files/patch-cve-2009-1364 (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Martin Wilke freebsd_committer 2009-05-16 23:34:05 UTC
State Changed
From-To: open->closed

both documented and patches added, thanks for your good job.