Bug 511994 (CVE-2009-2688)
Summary: | CVE-2009-2688 xemacs: multiple integer overflow flaws | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | bressers, loganjerry, petersen, rvokal | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2011-07-28 17:51:10 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 511997 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Vincent Danen
2009-07-15 21:33:38 UTC
Created attachment 353914 [details]
Gentoo patch from upstream for xemacs 21.4.22
Created attachment 353915 [details]
Gentoo patch from upstream for xemacs 21.5.29
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2688 to the following vulnerability: Name: CVE-2009-2688 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2688 Reference: MISC: http://tracker.xemacs.org/XEmacs/its/issue534 Reference: CONFIRM: https://bugs.gentoo.org/show_bug.cgi?id=275397 Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=511994 Reference: BID:35473 Reference: URL: http://www.securityfocus.com/bid/35473 Reference: OSVDB:55298 Reference: URL: http://osvdb.org/55298 Reference: SECUNIA:35348 Reference: URL: http://secunia.com/advisories/35348 Reference: VUPEN:ADV-2009-1666 Reference: URL: http://www.vupen.com/english/advisories/2009/1666 Reference: XF:xemacs-jpeg-bo(51334) Reference: URL: http://xforce.iss.net/xforce/xfdb/51334 Reference: XF:xemacs-png-bo(51333) Reference: URL: http://xforce.iss.net/xforce/xfdb/51333 Reference: XF:xemacs-tiff-bo(51332) Reference: URL: http://xforce.iss.net/xforce/xfdb/51332 Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The Secunia advisory singles out Windows here, but I don't think this is Windows-specific. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ The Gentoo patch removed any identifying information, but I am the author. The patch needed some tweaking and a little polish upstream. We seem to have settled on a generally acceptable patch. I will apply it to Fedora CVS and kick off new builds today. With respect to comment 1, Gentoo seems to also have misreported upstream's attitude. I *am* upstream, so I can tell you that we do consider this a security bug. It's just that we also believe that any user who uses XEmacs in a security-sensitive setting is out of his/her mind. I have not seen a single workable exploit for this bug. On the other hand, since XEmacs (and Emacs) support automatic loading of unverified Elisp, creating a workable Elisp-based exploit is not at all difficult. xemacs-21.5.29-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/xemacs-21.5.29-2.fc11 xemacs-21.5.28-10.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. xemacs-21.5.29-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. |