Bug 1190616 - (CVE-2020-21532) VUL-0: CVE-2020-21532: transfig: global buffer overflow in the setfigfont function in genepic.c.
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/310323/
CVSSv3.1:SUSE:CVE-2020-21532:7.8:(AV:...
Reported: 2021-09-17 14:17 UTC by Gianluca Gabrielli
Modified: 2021-11-18 14:20 UTC
Found By: Security Response Team
werner: needinfo? (gianluca.gabrielli)


Description Gianluca Gabrielli 2021-09-17 14:17:04 UTC
fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in
genepic.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21532
https://sourceforge.net/p/mcj/tickets/64/
Comment 1 Gianluca Gabrielli 2021-09-17 14:17:29 UTC
Affected packages:
 - SUSE:SLE-11:Update/transfig             3.2.5
 - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
 - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a

Upstream patch [0].

[0] https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/
Comment 2 Dr. Werner Fink 2021-09-20 06:11:27 UTC
gets fixed with transfig-3.2.8a
Comment 3 Dr. Werner Fink 2021-09-20 06:48:00 UTC
(In reply to Gianluca Gabrielli from comment #1)
> Affected packages:
>  - SUSE:SLE-11:Update/transfig             3.2.5
>  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
>  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a

Why do openSUSE:Backports:SLE-15-SP2/transfig and openSUSE:Backports:SLE-15-SP3/transfig have different versions than SUSE:SLE-15:Update/transfig?
Comment 4 Gianluca Gabrielli 2021-09-20 06:54:04 UTC
(In reply to Dr. Werner Fink from comment #3)
> (In reply to Gianluca Gabrielli from comment #1)
> > Affected packages:
> >  - SUSE:SLE-11:Update/transfig             3.2.5
> >  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
> >  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a
> 
> Why does  openSUSE:Backports:SLE-15-SP2/transfig and
> openSUSE:Backports:SLE-15-SP3/transfig have different versions than
> SUSE:SLE-15:Update/transfig

same question in bsc#1190607#c5 [0].

[0] https://bugzilla.suse.com/show_bug.cgi?id=1190607#c5
Comment 5 Dr. Werner Fink 2021-09-20 07:10:32 UTC
(In reply to Gianluca Gabrielli from comment #4)
> (In reply to Dr. Werner Fink from comment #3)
> > (In reply to Gianluca Gabrielli from comment #1)
> > > Affected packages:
> > >  - SUSE:SLE-11:Update/transfig             3.2.5
> > >  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
> > >  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a
> > 
> > Why does  openSUSE:Backports:SLE-15-SP2/transfig and
> > openSUSE:Backports:SLE-15-SP3/transfig have different versions than
> > SUSE:SLE-15:Update/transfig
> 
> same question in bsc#1190607#c5 [0].
> 
> [0] https://bugzilla.suse.com/show_bug.cgi?id=1190607#c5

Marcus, please can we have an answer? How can I update those openSUSE:Backports trees for SLE on OBS?
Comment 6 Marcus Meissner 2021-09-20 07:31:21 UTC
The reason is that transfig was shipped only in the Workstation Extension, so it was ALSO added to Packagehub (openSUSE:Backports:SLE-15*:Update).

They are community maintained, incorrectly linked by the packagehub team and were not updated in sync.

I will try to link openSUSE:Backports:SLE-15-SP2:Update to Leap 15.2, which gets it from SUSE:SLE-15:Update.

For openSUSE:Backports:SLE-15-SP3:Update, you can submit it there yourself if you want; I can also manually sync it over.
Comment 7 Dr. Werner Fink 2021-10-07 08:33:43 UTC
Now that QA seems to be done (see below), can we now check if this bug is still valid?

/suse/werner> osc ls openSUSE:Backports:SLE-15-SP3:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP3:Update transfig.16970 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> osc ls openSUSE:Backports:SLE-15-SP2:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP2:Update transfig.16971 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> isc ls SUSE:SLE-11:Update transfig
_link
# -> SUSE:SLE-11:Update transfig.20308 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
Comment 8 OBSbugzilla Bot 2021-10-26 14:40:28 UTC
This is an autogenerated message for OBS integration:
This bug (1190616) was mentioned in
https://build.opensuse.org/request/show/927524 Factory / transfig
Comment 11 Swamp Workflow Management 2021-10-29 19:23:26 UTC
SUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    transfig-3.2.8b-4.15.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    transfig-3.2.8b-4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-10-29 19:25:38 UTC
openSUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    transfig-3.2.8b-4.15.1
Comment 13 Swamp Workflow Management 2021-10-29 19:32:34 UTC
SUSE-SU-2021:3585-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud Crowbar 8 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 8 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    transfig-3.2.8b-2.20.1
HPE Helion Openstack 8 (src):    transfig-3.2.8b-2.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2021-11-02 14:21:20 UTC
SUSE-SU-2021:14836-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    transfig-3.2.8b-160.16.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2021-11-02 17:22:28 UTC
openSUSE-SU-2021:1439-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    transfig-3.2.8b-lp152.6.9.1
Comment 16 Swamp Workflow Management 2021-11-07 23:17:07 UTC
openSUSE-SU-2021:1458-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    transfig-3.2.8b-bp152.3.6.2
Comment 17 Swamp Workflow Management 2021-11-18 14:20:30 UTC
openSUSE-SU-2021:1481-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    transfig-3.2.8b-bp153.3.6.3
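
Added example (not part of the bug report and not SUSE tooling): a check that an installed transfig package is at or above the fixed version-release named in the update notices above. The comparison is a simplified form of rpm's version ordering that assumes no epoch and no `~` or `^` in the strings; the function names and the sample installed versions in the test are constructed for illustration.

```python
import re

# Fixed VERSION-RELEASE per product, copied from the update notices on this page.
FIXED = {
    "SUSE Linux Enterprise Workstation Extension 15-SP3": "3.2.8b-4.15.1",
    "openSUSE Leap 15.3": "3.2.8b-4.15.1",
    "SUSE Linux Enterprise Server 12-SP5": "3.2.8b-2.20.1",
    "SUSE Linux Enterprise Server 11-SP4-LTSS": "3.2.8b-160.16.2",
    "openSUSE Leap 15.2": "3.2.8b-lp152.6.9.1",
    "openSUSE Backports SLE-15-SP2": "3.2.8b-bp152.3.6.2",
    "openSUSE Backports SLE-15-SP3": "3.2.8b-bp153.3.6.3",
}

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does (simplified:
    no epoch, no '~' or '^'). Returns -1, 0 or 1."""
    # rpm splits on non-alphanumerics and at digit/letter boundaries.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers as numbers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(installed, product):
    """installed is 'VERSION-RELEASE', e.g. the output of
    rpm -q --qf '%{VERSION}-%{RELEASE}' transfig"""
    inst_ver, _, inst_rel = installed.partition("-")
    fix_ver, _, fix_rel = FIXED[product].partition("-")
    c = rpmvercmp(inst_ver, fix_ver)
    # A newer upstream version passes outright; on the same version the
    # release must be at least the one shipped with the security update.
    return c > 0 or (c == 0 and rpmvercmp(inst_rel, fix_rel) >= 0)
```

A passing result means the listed update is installed; the notices themselves state that an update may at times be only a partial fix.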