https://bugzilla.redhat.com/show_bug.cgi?id=1301928
Bug ID: 1301928
Summary: libxml2: out-of-bounds read in htmlParseNameComplex()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex()
function:
http://seclists.org/oss-sec/2016/q1/199
A remote attacker could provide a specially crafted XML file that, when
processed by an application linked against libxml2, could cause the application
to disclose crash.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1175542
Bug ID: 1175542
Summary: Building NASM with mingw-gcc fails in a strange manner
Product: Fedora
Version: 20
Component: mingw32-gcc
Assignee: rjones(a)redhat.com
Reporter: hpa(a)zytor.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, rjones(a)redhat.com
Description of problem:
Building NASM 2.11.07 (or from git) with i686-w63-mingw32 fails with a bunch of
duplicate symbol errors.
Removing -std=c99 from the command line seems to make it work, but I have not
been able to reduce it to a smaller example.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.8.3-1.fc20.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Get NASM 2.11.07 source code.
2. ./autogen.sh
3. ./configure --host=i686-w64-mingw32
4. make
Actual results:
Build failure with a bunch of strange symbol errors.
Expected results:
Executables produced.
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NINW6IoVUD&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
Bug ID: 1312782
Summary: pcre: Heap buffer overflow in pcretest causing
infinite loop
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net,
csutherl(a)redhat.com, databases-maint(a)redhat.com,
dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, jclere(a)redhat.com,
jdornak(a)redhat.com, jdoyle(a)redhat.com,
jgrulich(a)redhat.com, jorton(a)redhat.com,
klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk,
marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com,
mclasen(a)redhat.com, mmaslano(a)redhat.com,
myarboro(a)redhat.com, pmyers(a)valanet.net,
ppisar(a)redhat.com, pslavice(a)redhat.com,
rcollet(a)redhat.com, rjones(a)redhat.com,
rmeggins(a)redhat.com, rsvoboda(a)redhat.com,
t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com,
walters(a)redhat.com, webstack-team(a)redhat.com,
weli(a)redhat.com
Heap-based buffer overread caused by specially crafted input triggering
infinite loop in pcretest.c was found affecting pcre 8.38. pcretest went into
loop if global matching was requested with an ovector size less than 2.
Upstream bug:
https://bugs.exim.org/show_bug.cgi?id=1777
Upstream patch:
http://vcs.pcre.org/pcre?view=revision&revision=1637
CVE request:
http://seclists.org/oss-sec/2016/q1/460
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1312794
Bug ID: 1312794
Summary: mingw-glib2: pcre: Heap buffer overflow in pcretest
causing infinite loop [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-glib2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Blocks: 1312782
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
[Bug 1312782] pcre: Heap buffer overflow in pcretest causing infinite loop
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1312791
Bug ID: 1312791
Summary: mingw-glib2: pcre: Heap buffer overflow in pcretest
causing infinite loop [fedora-all]
Product: Fedora
Version: 23
Component: mingw-glib2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: erik-fedora(a)vanpienbroek.nl
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fidencio(a)redhat.com, klember(a)redhat.com,
marcandre.lureau(a)redhat.com, rjones(a)redhat.com,
t.sailer(a)alumni.ethz.ch
Blocks: 1312782
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1312782
[Bug 1312782] pcre: Heap buffer overflow in pcretest causing infinite loop
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1086514
Bug ID: 1086514
Summary: CVE-2013-7353 Integer overflow leading to a heap-based
buffer overflow in png_set_unknown_chunks()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. A attacker could create a
specially-crafated image file and render it with an application written to
explicitly call png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1086516
Bug ID: 1086516
Summary: CVE-2013-7354 Integer overflow leading to a heap-based
buffer overflow in png_set_sPLT() and png_set_text_2()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could
create a specially-crafated image file and render it with an application
written to explicitly call png_set_sPLT() or png_set_text_2() function, could
cause libpng to crash or execute arbitrary code with the permissions of the
user running such an application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1262377
Bug ID: 1262377
Summary: freetype: Infinite loop in parse_encoding in t1load.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org,
mkasik(a)redhat.com, rjones(a)redhat.com
If the Postscript stream contains a broken number-with-base (e.g. "8#garbage")
the cursor doesn't advance and parse_encoding enters an infinite loop.
Upstream patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0…
CVE request:
http://seclists.org/oss-sec/2015/q3/537
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1311882
Bug ID: 1311882
Summary: CVE-2014-9766 pixman: integer overflow in create_bits
function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: ajax(a)redhat.com, alonbl(a)redhat.com,
bmcclain(a)redhat.com, cfergeau(a)redhat.com,
dblechte(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
gklein(a)redhat.com, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
ogabbay(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, ydary(a)redhat.com,
yeylon(a)redhat.com, ykaul(a)redhat.com
In create_bits() both height and stride are ints, so the result is
also an int, which will overflow if height or stride are big enough
and size_t is bigger than int.
External references:
https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/arc…
CVE assignment:
http://seclists.org/oss-sec/2016/q1/425
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1281760
Bug ID: 1281760
Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow
vulnerabilities in png_get_PLTE/png_set_PLTE functions
[epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1281756 (CVE-2015-8126)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
[Bug 1281756] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in
png_get_PLTE/png_set_PLTE functions
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3qNv1TFMnN&a=cc_unsubscribe