Bug 303021 - CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Summary: CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: t1lib   
(Show other bugs)
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: José Matos
QA Contact: Fedora Extras Quality Assurance
URL: http://www.bugtraq.ir/adv/t1lib.txt
Whiteboard: impact=none?
Keywords: EasyFix, Patch, Security
Depends On:
Blocks: CVE-2007-4033
TreeView+ depends on / blocked
 
Reported: 2007-09-24 13:47 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: t1lib-5.1.1-3.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-27 16:18:33 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Lubomir Kundrak 2007-09-24 13:47:37 UTC
Description of problem:

Please see [1] and [2] for more information, [3] contains the patch.
[1] http://www.bugtraq.ir/adv/t1lib.txt
[2] http://secunia.com/advisories/26241/
[3] http://bugs.gentoo.org/show_bug.cgi?id=193437

Additional info:

This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection,
as the overflow is strcat() call which is protected.

According to the Gentoo bug, the CVE identifier for this was requested.

Comment 1 Tomas Hoger 2007-09-27 12:15:15 UTC
CVE name is CVE-2007-4033, which was originally described as php_gd2
vulnerability.  Description on CVE site is already updated.

Comment 2 José Matos 2007-09-27 15:01:49 UTC
I read it here as well
http://lwn.net/Articles/250737/

I am applying the fix and rebuilding for FC-6, F-7 and F-8.

Comment 3 José Matos 2007-09-27 16:18:33 UTC
Build finished for F-7 and F-8. I will issue the build for FC-6 later (due to 
problems with plague and the local firewall).


Comment 4 Fedora Update System 2007-09-28 21:21:44 UTC
t1lib-5.1.1-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.