Bug 479864 (CVE-2008-5262)
| Summary: | CVE-2008-5262 DevIL: RGBE buffer overflow vulnerabilities | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | hdegoede |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://sourceforge.net/tracker/index.php?func=detail&aid=2496518&group_id=4470&atid=104470 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-06-25 09:40:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 480269 | ||
| Bug Blocks: | |||
|
Description
Jan Lieskovsky
2009-01-13 17:14:10 UTC
This issue affects all versions of the DevIL package, as shipped with Fedora release of 9, 10 and devel. Please fix. I've prepped and build new DevIL packages fixing this for f9 - f11: DevIL-1.7.5-1.fc# IIRC there is some magic to be done with the bodhi entries, using multiple tracker bugs (one per release), or something like that. So I'll leave creating the actual bodhi entries to the security team, the updates are build and ready to go. DevIL-1.7.5-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/DevIL-1.7.5-1.fc10 DevIL-1.7.5-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/DevIL-1.7.5-1.fc9 (In reply to comment #2) > IIRC there is some magic to be done with the bodhi entries, using multiple > tracker bugs (one per release), or something like that. They are rather a bit of tracking help, rather than any strict requirement. It's more important to reference this bug in the update request. Submitted. It was reported that the upstream patch is off-by-one: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122#5 (this does not seem to be corrected in the upstream CVS yet) (In reply to comment #6) > It was reported that the upstream patch is off-by-one: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122#5 > > (this does not seem to be corrected in the upstream CVS yet) Oh, a new update fixing this is on its way. DevIL-1.7.5-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/DevIL-1.7.5-2.fc10 DevIL-1.7.5-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/DevIL-1.7.5-2.fc9 DevIL-1.7.5-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. DevIL-1.7.5-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |