leptonlib: CVE-2018-7186: Stack buffer overflows

Related Vulnerabilities: CVE-2018-7186  

Debian Bug report logs - #890548

Reported by: Ben Hutchings <ben@decadent.org.uk>

Date: Thu, 15 Feb 2018 20:39:02 UTC

Severity: serious

Tags: patch, security, upstream

Found in version leptonlib/1.74.4-2

Fixed in version leptonlib/1.75.3-2

Done: Jeff Breidenbach <jab@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jeff Breidenbach <jab@debian.org>:
Bug#890548; Package src:leptonlib. (Thu, 15 Feb 2018 20:39:04 GMT)


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jeff Breidenbach <jab@debian.org>. (Thu, 15 Feb 2018 20:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Ben Hutchings <ben@decadent.org.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Stack buffer overflows
Date: Thu, 15 Feb 2018 20:37:06 +0000
Source: leptonlib
Version: 1.74.4-2
Severity: serious
Tags: security upstream

gplotRead() and ptaReadStream() read strings into stack buffers using
fscanf() without a length limit.

Ben.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled



Information forwarded to debian-bugs-dist@lists.debian.org, Jeff Breidenbach <jab@debian.org>:
Bug#890548; Package src:leptonlib. (Thu, 15 Feb 2018 21:36:03 GMT)


Acknowledgement sent to Jeff Breidenbach <jeff@jab.org>:
Extra info received and forwarded to list. Copy sent to Jeff Breidenbach <jab@debian.org>. (Thu, 15 Feb 2018 21:36:03 GMT)


Message #10 received at 890548@bugs.debian.org:

From: Jeff Breidenbach <jeff@jab.org>
To: Ben Hutchings <ben@decadent.org.uk>, 890548@bugs.debian.org
Subject: Re: Bug#890548: Stack buffer overflows
Date: Thu, 15 Feb 2018 13:34:04 -0800
This is just about strings, right? So something like this will fix the
problem and resolve this bug? Or am I missing something?

char buf[L_BUF_SIZE];
-   fscanf(fp, "Rootname: %s\n", buf);
+   fscanf(fp, "Rootname: %L_BUF_SIZE_MINUS_ONEs%\n", buf);
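
Review bot: in the `+` line, `L_BUF_SIZE_MINUS_ONE` sits inside the string literal, so the preprocessor never expands it; fscanf() receives the characters `%L_BUF_SIZE_MINUS_ONEs%` as written, which is not a valid conversion with a field width, and the stray `%` before `\n` is not a valid directive either. The width has to appear in the format as decimal digits, one less than the size of `buf` so the terminating NUL fits, either typed out or spliced in with preprocessor stringification next to the string literal. The return value of fscanf() should also be checked so a missing or over-long Rootname is reported instead of being used.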

Information forwarded to debian-bugs-dist@lists.debian.org, Jeff Breidenbach <jab@debian.org>:
Bug#890548; Package src:leptonlib. (Fri, 16 Feb 2018 18:03:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Jeff Breidenbach <jab@debian.org>. (Fri, 16 Feb 2018 18:03:05 GMT)


Message #15 received at 890548@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Jeff Breidenbach <jeff@jab.org>, 890548@bugs.debian.org
Cc: Ben Hutchings <ben@decadent.org.uk>
Subject: Re: Bug#890548: Stack buffer overflows
Date: Fri, 16 Feb 2018 18:59:30 +0100
Control: retitle -1 leptonlib: CVE-2018-7186: Stack buffer overflows
Control: tags -1 + patch

Hi,

On Thu, Feb 15, 2018 at 01:34:04PM -0800, Jeff Breidenbach wrote:
> This is just about strings, right? So something like this will fix the
> problem and resolve this bug? Or am I missing something?
> 
> char buf[L_BUF_SIZE];
> -   fscanf(fp, "Rootname: %s\n", buf);
> +   fscanf(fp, "Rootname: %L_BUF_SIZE_MINUS_ONEs%\n", buf);

Those seem to have been addressed upstream with commit
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a

Regards,
Salvatore
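
The bounded read discussed in this thread, as an added example that is not leptonica code and not the upstream commit: the field width is spliced into the fscanf() format by stringification, and over-long input is detected and rejected. `BUF_SIZE`, `BUF_WIDTH`, `read_rootname()` and `parse_text()` are hypothetical names, and the input strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE  16   /* hypothetical size, standing in for L_BUF_SIZE */
#define BUF_WIDTH 15   /* a plain decimal literal: BUF_SIZE - 1 */
#define STR_(x) #x
#define STR(x)  STR_(x)   /* expands BUF_WIDTH first, then quotes it: "15" */
_Static_assert(BUF_WIDTH == BUF_SIZE - 1, "width must leave room for the NUL");

/* Unbounded form from the report: fscanf(fp, "Rootname: %s\n", buf);
 * Bounded form below. Returns 0 on success, -1 if the field is missing,
 * -2 if the name did not fit (the width stopped the read; input rejected). */
int read_rootname(FILE *fp, char out[BUF_SIZE])
{
    int c;
    out[0] = '\0';
    if (fscanf(fp, "Rootname: %" STR(BUF_WIDTH) "s", out) != 1)
        return -1;
    c = fgetc(fp);                 /* next byte must end the token */
    if (c != EOF && !isspace(c))
        return -2;
    return 0;
}

/* Run the reader over constructed file contents held in a temp file. */
int parse_text(const char *text, char out[BUF_SIZE])
{
    FILE *fp = tmpfile();
    int rc;
    if (fp == NULL)
        return -3;
    fputs(text, fp);
    rewind(fp);
    rc = read_rootname(fp, out);
    fclose(fp);
    return rc;
}

int main(void)
{
    char name[BUF_SIZE];
    int rc = parse_text("Rootname: /tmp/plot1\n", name);      /* constructed */
    printf("%d %s\n", rc, name);
    rc = parse_text("Rootname: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", name);
    printf("%d kept=%zu\n", rc, strlen(name));
    return 0;
}
```

Writing `STR(BUF_SIZE - 1)` instead would produce the text "16 - 1" in the format string, which is why the width is kept as its own literal and tied to the buffer size with a static assertion.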



Changed Bug title to 'leptonlib: CVE-2018-7186: Stack buffer overflows' from 'Stack buffer overflows'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 890548-submit@bugs.debian.org. (Fri, 16 Feb 2018 18:03:05 GMT)


Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 890548-submit@bugs.debian.org. (Fri, 16 Feb 2018 18:03:06 GMT)


Reply sent to Jeff Breidenbach <jab@debian.org>:
You have taken responsibility. (Sat, 17 Feb 2018 00:09:03 GMT)


Notification sent to Ben Hutchings <ben@decadent.org.uk>:
Bug acknowledged by developer. (Sat, 17 Feb 2018 00:09:03 GMT)


Message #24 received at 890548-close@bugs.debian.org:

From: Jeff Breidenbach <jab@debian.org>
To: 890548-close@bugs.debian.org
Subject: Bug#890548: fixed in leptonlib 1.75.3-2
Date: Sat, 17 Feb 2018 00:05:29 +0000
Source: leptonlib
Source-Version: 1.75.3-2

We believe that the bug you reported is fixed in the latest version of
leptonlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 890548@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeff Breidenbach <jab@debian.org> (supplier of updated leptonlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 16 Feb 2018 15:26:11 -0800
Source: leptonlib
Binary: libleptonica-dev liblept5 leptonica-progs
Architecture: source amd64
Version: 1.75.3-2
Distribution: unstable
Urgency: medium
Maintainer: Jeff Breidenbach <jab@debian.org>
Changed-By: Jeff Breidenbach <jab@debian.org>
Description:
 leptonica-progs - sample programs for Leptonica image processing library
 liblept5   - image processing library
 libleptonica-dev - image processing library
Closes: 890548
Changes:
 leptonlib (1.75.3-2) unstable; urgency=medium
 .
   * Fix fscanf buffer overflow (closes: #890548)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 17 Mar 2018 07:27:49 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:57:57 2019; Machine Name: beach
