Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 May 2016 09:05:03 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: Brian May <brian@...uxpenguins.xyz>
Cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: Re: CVE requests: DoS in librsvg parsing SVGs with
 circular definitions

2016-05-11 0:36 GMT+02:00 Brian May <brian@...uxpenguins.xyz>:
> Just did a git bisect against the source. Assuming I got this right, the
> following commits fixed the issue.

Thanks for taking the time to do the git bisect!

>
>>> They affect the following functions:
>>
>>> * rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack -
>>> rsvg_cairo_generate_mask: reproducible using circular-1.svg
>>
>> Use CVE-2016-4347.
>
> Fixed in:
>
> commit a51919f7e1ca9c535390a746fbf6e28c8402dc61
> Author: Benjamin Otte <otte@...hat.com>
> Date:   Wed Oct 7 08:45:37 2015 +0200
>
>     rsvg: Add rsvg_acquire_node()
>
>     This function does proper recursion checks when looking up resources
>     from URLs and thereby helps avoiding infinite loops when cyclic
>     references span multiple types of elements.


I think CVE-2016-4347 and CVE-2015-7558 (stack exhaustion due to
cyclic dependency, reported here:
http://www.openwall.com/lists/oss-security/2015/12/21/5) are in fact,
the same issue. This is probably my fault (sorry!).

MITRE: We should reject the the newly assigned one?

Regards,
Gustavo.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ