Bug 659359 (CVE-2010-4259)
| Summary: | CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | bressers, eng-i18n-bugs, fonts-bugs, kevin, louis.simard, pnemade |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-08-22 15:46:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 659365 | | |
| Bug Blocks: | | | |
| Attachments: | | | |
Description
Jan Lieskovsky
2010-12-02 16:11:48 UTC
This issue affects the version of the fontforge package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the fontforge package, as shipped with Fedora release of 13 and 14.

This issue affects the versions of the fontforge package, as present within EPEL-4 and EPEL-5 repositories.

Please schedule the updates.

Created attachment 464292
Local copy of public PoC provided by Ulrik Persson

Statement: This issue affects the version of the fontforge package as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Created fontforge tracking bugs for this issue

Affects: fedora-all [bug 659365]

I'll note that the upstream devel list hasn't been notified about this and there is no patch or fix that I can see yet. Will investigate.

The CVE identifier of CVE-2010-4259 has been assigned to this issue.

Created attachment 464658
fix for CVE-2010-4259 crash

Attached is a unified format patch which should copy strings correctly within their allocated buffers, for many fields in the BDF file format, including CHARSET_REGISTRY. I have tested FontForge before and after the patch; it does not crash predictably anymore.

Thanks very much for the patch! Updates should roll out soon.

https://admin.fedoraproject.org/updates/fontforge-20100501-5.fc14
(and similar f13 update) fixed this long ago.

Can we just close this now?

This issue has been addressed in the following versions:
1) fontforge-20100501-5.fc14 for Fedora-14,
2) fontforge-20090923-4.fc13 for Fedora-13,
3) fontforge-20061025-3.el5 for EPEL-5 and
4) fontforge-20061025-3.el4 for EPEL-4.

Kevin, to your question,

(In reply to comment #9)
> https://admin.fedoraproject.org/updates/fontforge-20100501-5.fc14
> (and similar f13 update) fixed this long ago.
>
> Can we just close this now?

No, this issue still affects fontforge package, as shipped with Red Hat Enterprise Linux 6. This bug will be closed only at the moment, it has been addressed there too.

Though you are not responsible for this bug. It will be closed by Red Hat Security Response Team once the issue has been solved in all affected packages. You are / have been responsible only for BZ#659365 which is solved now.

Hope this helps.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
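
The patch comment above describes copying BDF fields such as CHARSET_REGISTRY within their allocated buffers. A minimal bounded copy of that kind is sketched below as an added example; it is not part of this bug report, not the attached patch, and not FontForge's code. The function name `bdf_copy_quoted_value`, the buffer size `BDF_FIELD_MAX` and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BDF_FIELD_MAX 100   /* assumed size of the fixed destination buffer */

/* Copy the quoted value of a BDF property line, e.g.
 *     CHARSET_REGISTRY "ISO10646"
 * into out[outsz]. Returns the value length, or -1 when the key does not
 * match, the quoting is malformed, or the value does not fit. Simplified:
 * BDF's doubled-quote escape ("") inside a value is not handled. */
int bdf_copy_quoted_value(const char *line, const char *key,
                          char *out, size_t outsz)
{
    size_t klen = strlen(key), vlen;
    const char *p, *end;

    if (outsz == 0)
        return -1;
    out[0] = '\0';                      /* defined result on every error path */
    if (strncmp(line, key, klen) != 0)
        return -1;
    p = line + klen;
    if (*p != ' ' && *p != '\t')        /* key must be a whole token */
        return -1;
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p++ != '"')
        return -1;
    end = strchr(p, '"');               /* closing quote is required */
    if (end == NULL)
        return -1;
    vlen = (size_t)(end - p);
    if (vlen >= outsz)                  /* reject rather than overflow or truncate */
        return -1;
    memcpy(out, p, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

int main(void)
{
    char reg[BDF_FIELD_MAX];
    char big[512] = "CHARSET_REGISTRY \"";          /* constructed oversized line */
    memset(big + strlen(big), 'A', 300);
    strcat(big, "\"");
    printf("%d\n", bdf_copy_quoted_value("CHARSET_REGISTRY \"ISO10646\"",
                                         "CHARSET_REGISTRY", reg, sizeof reg));
    printf("%d\n", bdf_copy_quoted_value(big, "CHARSET_REGISTRY", reg, sizeof reg));
    return 0;
}
```

Rejecting an oversized value, instead of truncating it, lets the caller treat the font file as malformed and stop parsing.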