Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2020-21530: transfig: segmentation fault in the read_objects function in read.c. | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Gianluca Gabrielli <gianluca.gabrielli> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | gianluca.gabrielli, smash_bz, werner |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/310325/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2020-21530:5.5:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 1190607 | | |
Description
Gianluca Gabrielli
2021-09-17 14:12:00 UTC
This bug can be fixed by backporting 41b9bb [0] as for bsc#1190607.

[0] https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/

Now that QA seems to be done (see below), can we check if this bug is still valid?

    /suse/werner> osc ls openSUSE:Backports:SLE-15-SP3:Update transfig
    _link # -> openSUSE:Backports:SLE-15-SP3:Update transfig.16970 (latest)
    6827c09d.patch
    fig2dev-3.2.6-fig2mpdf-doc.patch
    fig2dev-3.2.6-fig2mpdf.patch
    fig2dev-3.2.6a-RGBFILE.patch
    fig2dev-3.2.8a.tar.xz
    transfig-3.2.8.dif
    transfig-fix-afl.patch
    transfig.changes
    transfig.spec

    /suse/werner> osc ls openSUSE:Backports:SLE-15-SP2:Update transfig
    _link # -> openSUSE:Backports:SLE-15-SP2:Update transfig.16971 (latest)
    6827c09d.patch
    fig2dev-3.2.6-fig2mpdf-doc.patch
    fig2dev-3.2.6-fig2mpdf.patch
    fig2dev-3.2.6a-RGBFILE.patch
    fig2dev-3.2.8a.tar.xz
    transfig-3.2.8.dif
    transfig-fix-afl.patch
    transfig.changes
    transfig.spec

    /suse/werner> isc ls SUSE:SLE-11:Update transfig
    _link # -> SUSE:SLE-11:Update transfig.20308 (latest)
    6827c09d.patch
    fig2dev-3.2.6-fig2mpdf-doc.patch
    fig2dev-3.2.6-fig2mpdf.patch
    fig2dev-3.2.6a-RGBFILE.patch
    fig2dev-3.2.8a.tar.xz
    transfig-3.2.8.dif
    transfig-fix-afl.patch
    transfig.changes
    transfig.spec

I don't see this CVE/BZ ID mentioned in the changes file, was that an oversight?

(In reply to Gianluca Gabrielli from comment #3)
> I don't see this CVE/BZ ID mentioned in the changes file, was that an
> oversight?

On SLE-11, SLE-12, and SLE-15 we are talking about 3.2.8a, and IMHO with the submissions this bug was fixed before it was done ... the only problem was that the submissions had been stuck within the QA channels meanwhile.

The fix has been shipped with the version bump to all three codestreams. We are only missing the mention of this CVE / BZ ID in the related changes files. Can you please submit a request with the correct changes file? Thank you.
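The check the thread turns on is whether the package's .changes file references the CVE and Bugzilla IDs the update is supposed to cover, so that the fix can be tracked even when it arrived as part of a version bump. The following is an added example of that check, not code from this bug report or from the transfig package: a small parser for the OBS .changes format (entries separated by a line of dashes, a "date - author" header, then bullet text) that collects the CVE-YYYY-NNNN and bsc#/boo#/bnc# references per entry and reports which required IDs are missing. The two changes entries, the maintainer address and the dates are constructed for illustration and are not the real transfig.changes.

```python
"""Cross-check an RPM .changes file for the CVE and Bugzilla IDs an
update is supposed to reference.  Added example, not code from this bug
report or from the transfig package; the .changes text below is
constructed for illustration and is not the real transfig.changes."""
import re
from dataclasses import dataclass

# One entry per dash-separated block, newest first, as in OBS packages.
SEPARATOR = re.compile(r"^-{20,}[ \t]*$", re.MULTILINE)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b")
BUG_RE = re.compile(r"\b(?:bsc|boo|bnc)#\d+\b")

# Constructed: the entry that did the version bump, citing no CVE or bug.
BUMP_ENTRY = """\
-------------------------------------------------------------------
Thu Sep 16 12:00:00 UTC 2021 - maintainer@example.com

- Update to fig2dev 3.2.8a
"""

# Constructed: the follow-up entry that adds the references the bug asks for.
REF_ENTRY = """\
-------------------------------------------------------------------
Fri Sep 24 10:00:00 UTC 2021 - maintainer@example.com

- Add reference CVE-2020-21530 (bsc#1190615): segmentation fault in
  read_objects() in read.c, fixed upstream in commit 41b9bb and already
  contained in the 3.2.8a update
"""

SAMPLE_CHANGES = REF_ENTRY + BUMP_ENTRY

# What the security team expects this update's changes file to mention.
REQUIRED_IDS = ["CVE-2020-21530", "bsc#1190615"]


@dataclass
class Entry:
    header: str          # the "date - author" line
    body: str            # the bullet text that follows it
    cves: frozenset      # CVE IDs cited anywhere in the entry
    bugs: frozenset      # bsc#/boo#/bnc# IDs cited anywhere in the entry


def parse_changes(text):
    """Split a .changes file into entries and collect the IDs each one cites."""
    entries = []
    for chunk in SEPARATOR.split(text):
        chunk = chunk.strip("\n")
        if not chunk.strip():
            continue
        header, _, body = chunk.partition("\n")
        entries.append(Entry(header.strip(), body.strip("\n"),
                             frozenset(CVE_RE.findall(chunk)),
                             frozenset(BUG_RE.findall(chunk))))
    return entries


def missing_references(text, required):
    """Required IDs that no entry in the changes file mentions, sorted."""
    seen = set()
    for entry in parse_changes(text):
        seen |= entry.cves | entry.bugs
    return sorted(set(required) - seen)


def entries_without_ids(text):
    """Headers of entries citing neither a CVE nor a bug: the likely oversight."""
    return [e.header for e in parse_changes(text) if not e.cves and not e.bugs]


if __name__ == "__main__":
    for e in parse_changes(SAMPLE_CHANGES):
        print(e.header, sorted(e.cves), sorted(e.bugs))
    print("missing:", missing_references(SAMPLE_CHANGES, REQUIRED_IDS))
    print("entries without IDs:", entries_without_ids(SAMPLE_CHANGES))
```

Run against only the version-bump entry, `missing_references` reports both IDs absent, which is exactly the situation the thread describes: the fix is in the shipped tarball but nothing in the changes file ties it to the CVE or the bug. Once the follow-up entry is present the list is empty, and `entries_without_ids` still points at the bump entry as the one that should have carried the reference.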
This is an autogenerated message for OBS integration: This bug (1190615) was mentioned in https://build.opensuse.org/request/show/927524 Factory / transfig

SUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): transfig-3.2.8b-4.15.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src): transfig-3.2.8b-4.15.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): transfig-3.2.8b-4.15.1

SUSE-SU-2021:3585-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud Crowbar 8 (src): transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 9 (src): transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 8 (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP5 (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): transfig-3.2.8b-2.20.1
HPE Helion Openstack 8 (src): transfig-3.2.8b-2.20.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:14836-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src): transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src): transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src): transfig-3.2.8b-160.16.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:1439-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): transfig-3.2.8b-lp152.6.9.1

openSUSE-SU-2021:1458-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): transfig-3.2.8b-bp152.3.6.2

openSUSE-SU-2021:1481-1: An update that fixes 12 vulnerabilities is now available.
Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP3 (src): transfig-3.2.8b-bp153.3.6.3