[Bug 1056858] New: CVE-2013-6954 mingw-libpng: libpng: unhandled zero-length PLTE chunk or NULL palette [fedora-19]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1056858
Bug ID: 1056858
Summary: CVE-2013-6954 mingw-libpng: libpng: unhandled
zero-length PLTE chunk or NULL palette [fedora-19]
Product: Fedora
Version: 19
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1045561 (CVE-2013-6954)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-19 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
[Bug 1045561] CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or
NULL palette
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Un14vuFRae&a=cc_unsubscribe
9 years, 11 months
[Bug 1095664] New: Crash in g_type_free_instance for instance objects at an address > 4GB on win64
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1095664
Bug ID: 1095664
Summary: Crash in g_type_free_instance for instance objects at
an address > 4GB on win64
Product: Fedora
Version: 20
Component: mingw-glib2
Severity: medium
Assignee: rjones(a)redhat.com
Reporter: bernhard.loos(a)ruecker.de
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, lfarkas(a)lfarkas.org,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Description of problem:
For some reason, glib2 is compiled with valgrind support.
This leads to a special code sequence to check if valgrind is running.
Among other things, this code sequence also contains an xchg ebx, ebx
instruction.
In g_type_free_instance, the address of the memory to be freed is stored in
rbx, and the xchg ebx,ebx zeros out the upper 32 bits of the address.
This has no effect for most programs, but for large programs which use more
than 4GB of memory, it will lead to surprise crashes.
IMPORTANT: The valgrind check only happens for types with private data.
Adding NVALGRIND=1 to the compiler defines disables valgrind support and fixes
the problem.
Version-Release number of selected component (if applicable):
mingw64-glib2-2.38.2-1.fc20
How reproducible:
always
Steps to Reproduce:
1. Use loads of memory
2. Create a GTypeInstance (with private data or the bug won't trigger) at an
address > 4GB. Most GObject types should also work
3. free the instance with g_type_free_instance (or g_object_unref)
4. -> crash
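The register effect described in the report above, as an added example that is not part of the original bug report or of glib2/valgrind: it executes xchg ebx, ebx on a value held in rbx and compares the result for addresses below and above 4GB. The function names and sample addresses are constructed for illustration; on non-x86-64 targets the zero-extension is modelled in plain C.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Apply the instruction named in the report to a value held in rbx.
 * On x86-64, a write to a 32-bit register zero-extends into the full
 * 64-bit register, so "xchg ebx, ebx" is not a no-op there. */
static uint64_t after_xchg32(uint64_t value)
{
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
    /* "+b" pins the operand to rbx, matching the register in the report. */
    __asm__ volatile("xchgl %%ebx, %%ebx" : "+b"(value));
    return value;
#else
    /* Portable model of the same zero-extension for other targets. */
    return (uint64_t)(uint32_t)value;
#endif
}

/* Returns 1 if a pointer with this address would still be intact. */
static int pointer_survives(uint64_t address)
{
    return after_xchg32(address) == address;
}

int main(void)
{
    /* Constructed sample addresses: two below 4GB, two above. */
    const uint64_t samples[] = {
        UINT64_C(0x0000000000401000),
        UINT64_C(0x00000000fffffff0),
        UINT64_C(0x0000000100000000),
        UINT64_C(0x00000001deadbee0),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("0x%016" PRIx64 " -> 0x%016" PRIx64 " (%s)\n",
               samples[i], after_xchg32(samples[i]),
               pointer_survives(samples[i]) ? "intact" : "truncated");
    }
    return 0;
}
```

Addresses below 4GB come back unchanged, which matches the report's observation that most programs never see the problem.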
[Bug 1077023] CVE-2014-2524 readline: insecure temporary file use in _rl_tropen()
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1077023
Tomas Hoger <thoger(a)redhat.com> changed:
What: Whiteboard

Removed:
impact=low,public=20140314,reported=20140314,source=osssec,cvss2=2.1/AV:L/AC:L/Au:N/C:N/I:P/A:N,rhel-5/readline=notaffected,rhel-6/readline=affected,rhel-7/readline=affected,fedora-all/readline=affected,fedora-all/compat-readline5=notaffected,rhel-5/compat-readline43=notaffected,rhel-6/compat-readline5=notaffected,rhel-6/mingw32-readline=notaffected,fedora-all/mingw-readline=affected,epel-5/mingw32-readline=notaffected

Added:
impact=low,public=20140314,reported=20140314,source=osssec,cvss2=2.1/AV:L/AC:L/Au:N/C:N/I:P/A:N,rhel-5/readline=notaffected,rhel-6/readline=wontfix,rhel-7/readline=affected,fedora-all/readline=affected,rhel-5/compat-readline43=notaffected,rhel-6/compat-readline5=notaffected,fedora-all/compat-readline5=notaffected,rhel-6/mingw32-readline=notaffected,fedora-all/mingw-readline=affected,epel-5/mingw32-readline=notaffected