Bug 332401 (CVE-2007-5200)
Field | Value
---|---
Summary | CVE-2007-5200 hugin unsafe temporary file usage
Product | [Other] Security Response
Component | vulnerability
Status | CLOSED ERRATA
Severity | medium
Priority | medium
Version | unspecified
Hardware | All
OS | Linux
Keywords | Security
Reporter | Tomas Hoger <thoger>
Assignee | Red Hat Product Security <security-response-team>
QA Contact | Fedora Extras Quality Assurance <extras-qa>
CC | bruno, jspaleta, lkundrak
Fixed In Version | 0.6.1-11.fc7
Doc Type | Bug Fix
Last Closed | 2007-11-09 23:38:57 UTC
Bug Depends On | 295521, 362851, 362861, 362871

Description
Tomas Hoger
2007-10-15 13:50:58 UTC
There isn't an upstream patch because nobody at opensuse bothered to contact upstream before creating a CVE. The fix however is a simple one-liner:

    sed -i 's/define DEBUG_WRITE_OPTIM_OUTPUT$/undef DEBUG_WRITE_OPTIM_OUTPUT/' \
        src/Panorama/PTOptimise.cpp

Though currently hugin isn't buildable for either f7 or f8 due to #295521 so this one is stuck.

Yes, this is probably the easiest way to fix this. However, upstream may want to develop other fix, which does not sacrifice some functionality (I'm not trying to say fix above is wrong ;). According to comments in huginApp.cpp, there is some intention to fix temp file usage:

    // FIXME, make secure against some symlink attacks

Created attachment 236541
Patch to fix CVE-2007-5200

This is the upstream patch to fix this and another similar bug. Note that releasing a new hugin still depends on bug #295521

This is well over a month and still not resolved. Do you need any help other than one-liner fix in rebuilding wxGTK?

The patch and updated hugin.spec files for FC-6, F-7, F-8 and devel are in CVS. I can't actually run `make tag` so I'm giving up on this one:

    [bruno@moo FC-6]$ cd ../F-7
    [bruno@moo F-7]$ make tag
    cvs tag -c hugin-0_6_1-11_fc7
    cvs tag: Tagging .
    T .cvsignore
    T Makefile
    T branch
    T hugin-0.6.1-CVE-2007-5200.patch
    T hugin.spec
    T sources
    Tagged with: hugin-0_6_1-11_fc7
    [bruno@moo F-7]$ cd ../F-8/
    [bruno@moo F-8]$ make tag
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    error: Macro %dist has empty body
    error: Macro %dist has empty body
    error: Macro % has illegal name (%define)
    error: Macro % has illegal name (%define)
    cvs tag -c hugin-0_6_1-11_fc7
    ERROR: The tag hugin-0_6_1-11_fc7 is already applied on a different branch
    ERROR: You can not forcibly move tags between branches
    hugin-0_6_1-5_fc6:devel:bpostle:1174424717
    hugin-0_6_1-5_fc5:FC-5:bpostle:1174425164
    hugin-0_6_1-6_fc7:devel:bpostle:1174425968
    hugin-0_6_1-6_fc5:FC-5:bpostle:1174425980
    hugin-0_6_1-6_fc6:FC-6:bpostle:1174425991
    hugin-0_6_1-7_fc7:F-7:bpostle:1187035915
    hugin-0_6_1-7_fc8:devel:bpostle:1187035930
    hugin-0_6_1-8_fc8:devel:bpostle:1187730420
    hugin-0_6_1-9_fc8:devel:bpostle:1187814430
    hugin-0_6_1-10_fc8:devel:bpostle:1194300775
    hugin-0_6_1-10_fc7:F-8:bpostle:1194300791
    hugin-0_6_1-11_fc6:FC-6:bpostle:1194301109
    hugin-0_6_1-11_fc7:F-7:bpostle:1194301120
    cvs tag: Pre-tag check failed
    cvs [tag aborted]: correct the above errors first!
    make: *** [tag] Error 1

Bruno: No idea what your issue was (you had up-to-date CVS checked out?), but seems like there were no changes to Makefiles. Anyways, thanks for the patch. I was able to successfully tag and build all affected branches.

hugin-0.6.1-11.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

(In reply to comment #7)
> Bruno: No idea what your issue was (you had up-to-date CVS checked out?)

I hadn't updated 'common', this has happened to me before...

> I was able to successfully tag and build all affected branches.

Thanks, there was no wxGTK release, is bug #295521 local to my system only?

(In reply to comment #9)
> > I was able to successfully tag and build all affected branches.
> Thanks, there was no wxGTK release, is bug #295521 local to my system only?

Huh, I even forgot about that :) Anyways, as you can see, the package built. That can mean that either some other build root change (gcc or whatever) solved that or it is really specific to your configuration. Which version do you run, are you completely up-to-date?

I am/was up to date, the system is x86_64. I can switch between the two wxGTK packages and reproduce, though it looks like I need to try this in mock and update the bug report as necessary.

hugin-0.6.1-11.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
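The symlink problem behind the "unsafe temporary file usage" in this report, and the usual alternative to disabling the debug output, shown as an added example: this is not hugin code and not the attached upstream patch. The file names `optim_debug.txt`, `optim_dump_XXXXXX` and `victim.txt` are hypothetical, and a private scratch directory stands in for `/tmp`.

```cpp
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <string>
#include <unistd.h>

// Unsafe pattern: a fixed, predictable name opened for writing. The open
// follows a symlink planted by another local user and truncates its target.
void write_dump_unsafe(const std::string &path, const std::string &text) {
    std::ofstream out(path.c_str(), std::ios::trunc);
    out << text;
}

// Hardened: mkstemp() picks an unpredictable name and creates the file with
// O_CREAT|O_EXCL, mode 0600. Returns the created path, or "" on failure.
std::string write_dump_safe(const std::string &dir, const std::string &text) {
    std::string path = dir + "/optim_dump_XXXXXX";  // hypothetical name
    int fd = mkstemp(&path[0]);
    if (fd < 0) return "";
    bool ok = write(fd, text.data(), text.size()) == (ssize_t)text.size();
    ok = (close(fd) == 0) && ok;
    if (!ok) { unlink(path.c_str()); return ""; }
    return path;
}

std::string slurp(const std::string &path) {
    std::ifstream in(path.c_str());
    return std::string(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
}

// Constructed scenario: the predictable dump name already exists as a symlink
// to the user's file. Returns that file's content after the chosen writer ran.
std::string victim_after(bool use_safe_writer) {
    char scratch[] = "/tmp/tmpfile_demo_XXXXXX";
    if (!mkdtemp(scratch)) return "";
    std::string dir(scratch), victim = dir + "/victim.txt", fixed = dir + "/optim_debug.txt";
    write_dump_unsafe(victim, "important data");  // no link yet: plain create
    if (symlink(victim.c_str(), fixed.c_str()) != 0) return "";
    std::string dump;
    if (use_safe_writer) dump = write_dump_safe(dir, "optimizer trace"); else write_dump_unsafe(fixed, "optimizer trace");
    std::string result = slurp(victim);
    unlink(dump.c_str()); unlink(fixed.c_str()); unlink(victim.c_str()); rmdir(scratch);
    return result;
}

int main() {
    std::printf("after safe writer:   %s\n", victim_after(true).c_str());
    std::printf("after unsafe writer: %s\n", victim_after(false).c_str());
}
```
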