infamous41md discovered a heap overflow in libgsf. When a specially crafted OLE document is opened, it can overflow a buffer possibly leading to arbitrary code execution. This flaw should also affect RHEL3
Created attachment 142527 [details] Patch extracted from upstream CVS
Built as... RHEL-4: libgsf-1.10.1-2 RHEL-3: libgsf-1.6.0-5
RHEL-3: libgsf-1.6.0-6 to add extra BuildRequires so as to get the same output rpms through brew as through beehive
ah, screw it, still not sufficient for brewization, but... RHEL-3: libgsf-1.6.0-7 looks good... i.e. rpm -qRp libgsf-1.6.0-7.x86_64.rpm glib2 >= 2.0.0 libORBit-2.so.0()(64bit) libbonobo-2.so.0()(64bit) libbonobo-activation.so.4()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libdl.so.2()(64bit) libglib-2.0.so.0()(64bit) libgmodule-2.0.so.0()(64bit) libgnomevfs-2.so.0()(64bit) libgobject-2.0.so.0()(64bit) libgsf-1.so.1()(64bit) libgthread-2.0.so.0()(64bit) liblinc.so.1()(64bit) libm.so.6()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) libxml2.so.2()(64bit) libz.so.1()(64bit) rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 as opposed to rpm -qRp libgsf-1.6.0-5.x86_64.rpm glib2 >= 2.0.0 libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libgsf-1.so.1()(64bit) rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
TPS run result adds: TPS found some failures in tps-srpmtest.log of job 14637: re-ran by hand and seems OK (no failures) TPS jobs 14634 and 14635 are still in "NOT_STARTED": 14634: i386_3es: stable system for testing not available, will run it later but don't expect any problems 14635: ia64_3es: re-ran by hand and PASS
Hello, trying to test using "How to test" from RHSA-2006:0752, but RHEL3 contains librsvg2-2.2.3-6 which doesn't include rsvg-view: # rpm -q librsvg2 librsvg2-2.2.3-6.el3.1.ia64 # rpm -ql librsvg2 | grep bin /usr/bin/rsvg Is following command enought to test this bug?: $ rsvg email.svgz email.png $ eog email.png # to check output
yes, that should be sufficient to show that rsvg can still open such compressed stream storages through libgsf
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0011.html