Bug 303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Product: Fedora
Classification: Fedora
Component: t1lib
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: José Matos
QA Contact: Fedora Extras Quality Assurance
Keywords: EasyFix, Patch, Security
Blocks: CVE-2007-4033
Reported: 2007-09-24 09:47 EDT by Lubomir Kundrak
Modified: 2007-11-30 17:12 EST
Fixed In Version: t1lib-5.1.1-3.fc8
Doc Type: Bug Fix
Last Closed: 2007-09-27 12:18:33 EDT
Description Lubomir Kundrak 2007-09-24 09:47:37 EDT
Description of problem:

Please see [1] and [2] for more information, [3] contains the patch.
[1] http://www.bugtraq.ir/adv/t1lib.txt
[2] http://secunia.com/advisories/26241/
[3] http://bugs.gentoo.org/show_bug.cgi?id=193437

Additional info:

This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection,
as the overflow is a strcat() call, which is protected.

According to the Gentoo bug, the CVE identifier for this was requested.
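
The bug class this report refers to, an unbounded strcat() of a file name into a fixed-size buffer, shown beside a length-checked replacement. This is an added example, not t1lib's code or the patch from the Gentoo bug; the function names and PATH_BUF_SIZE are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 64 /* constructed size for this example, not t1lib's */

/* Bug class: fixed buffer, unbounded strcpy/strcat of a caller-supplied name.
 * Correct only while strlen(dir) + 1 + strlen(name) < PATH_BUF_SIZE.
 * Built with -O2 -D_FORTIFY_SOURCE=2, glibc routes these calls through
 * __strcpy_chk/__strcat_chk because the destination size is known, so an
 * overlong name aborts the process instead of silently corrupting memory. */
const char *join_path_unchecked(const char *dir, const char *name)
{
    static char buf[PATH_BUF_SIZE];
    strcpy(buf, dir);
    strcat(buf, "/");
    strcat(buf, name);
    return buf;
}

/* Hardened form: measure first, refuse input that does not fit.
 * Returns 0 on success, -1 on rejection; out is left empty on rejection. */
int join_path_checked(char *out, size_t outsz, const char *dir, const char *name)
{
    size_t dlen, nlen;
    if (out == NULL || outsz == 0) return -1;
    out[0] = '\0';
    if (dir == NULL || name == NULL) return -1;
    dlen = strlen(dir);
    nlen = strlen(name);
    /* need dlen + '/' + nlen + NUL <= outsz, written so size_t cannot wrap */
    if (dlen >= outsz || nlen >= outsz - dlen || outsz - dlen - nlen < 2)
        return -1;
    memcpy(out, dir, dlen);
    out[dlen] = '/';
    memcpy(out + dlen + 1, name, nlen + 1); /* copies the terminating NUL */
    return 0;
}

int main(void)
{
    char out[PATH_BUF_SIZE], longname[256]; /* constructed sample inputs */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("short: %d\n", join_path_checked(out, sizeof out, "/usr/share/fonts", "a.pfb"));
    printf("long:  %d\n", join_path_checked(out, sizeof out, "/usr/share/fonts", longname));
    return 0;
}
```
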
Comment 1 Tomas Hoger 2007-09-27 08:15:15 EDT
The CVE name is CVE-2007-4033, which was originally described as a php_gd2
vulnerability.  The description on the CVE site is already updated.
Comment 2 José Matos 2007-09-27 11:01:49 EDT
I read it here as well

I am applying the fix and rebuilding for FC-6, F-7 and F-8.
Comment 3 José Matos 2007-09-27 12:18:33 EDT
Build finished for F-7 and F-8. I will issue the build for FC-6 later (due to 
problems with plague and the local firewall).
Comment 4 Fedora Update System 2007-09-28 17:21:44 EDT
t1lib-5.1.1-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
