Bug 1190616 – VUL-0: CVE-2020-21532: transfig: global buffer overflow in the setfigfont function in genepic.c.

Bug 1190616 - (CVE-2020-21532) VUL-0: CVE-2020-21532: transfig: global buffer overflow in the setfigfont function in genepic.c.

(CVE-2020-21532)
Summary:	VUL-0: CVE-2020-21532: transfig: global buffer overflow in the setfigfont fun...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/310323/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-21532:7.8:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-09-17 14:17 UTC by Gianluca Gabrielli
Modified:	2021-11-18 14:20 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Flags:	werner: needinfo? (gianluca.gabrielli)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gianluca Gabrielli 2021-09-17 14:17:04 UTC

fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in
genepic.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21532
https://sourceforge.net/p/mcj/tickets/64/

Comment 1 Gianluca Gabrielli 2021-09-17 14:17:29 UTC

Affected packages:
 - SUSE:SLE-11:Update/transfig             3.2.5
 - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
 - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a

Upstream patch [0].

[0] https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/

Comment 2 Dr. Werner Fink 2021-09-20 06:11:27 UTC

gets fixed with transfig-3.2.8a

Comment 3 Dr. Werner Fink 2021-09-20 06:48:00 UTC

(In reply to Gianluca Gabrielli from comment #1)
> Affected packages:
>  - SUSE:SLE-11:Update/transfig             3.2.5
>  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
>  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a

Why does  openSUSE:Backports:SLE-15-SP2/transfig and openSUSE:Backports:SLE-15-SP3/transfig have different versions than SUSE:SLE-15:Update/transfig

Comment 4 Gianluca Gabrielli 2021-09-20 06:54:04 UTC

(In reply to Dr. Werner Fink from comment #3)
> (In reply to Gianluca Gabrielli from comment #1)
> > Affected packages:
> >  - SUSE:SLE-11:Update/transfig             3.2.5
> >  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
> >  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a
> 
> Why does  openSUSE:Backports:SLE-15-SP2/transfig and
> openSUSE:Backports:SLE-15-SP3/transfig have different versions than
> SUSE:SLE-15:Update/transfig

same question in bsc#1190607#c5 [0].

[0] https://bugzilla.suse.com/show_bug.cgi?id=1190607#c5

Comment 5 Dr. Werner Fink 2021-09-20 07:10:32 UTC

(In reply to Gianluca Gabrielli from comment #4)
> (In reply to Dr. Werner Fink from comment #3)
> > (In reply to Gianluca Gabrielli from comment #1)
> > > Affected packages:
> > >  - SUSE:SLE-11:Update/transfig             3.2.5
> > >  - openSUSE:Backports:SLE-15-SP2/transfig  3.2.6a
> > >  - openSUSE:Backports:SLE-15-SP3/transfig  3.2.6a
> > 
> > Why does  openSUSE:Backports:SLE-15-SP2/transfig and
> > openSUSE:Backports:SLE-15-SP3/transfig have different versions than
> > SUSE:SLE-15:Update/transfig
> 
> same question in bsc#1190607#c5 [0].
> 
> [0] https://bugzilla.suse.com/show_bug.cgi?id=1190607#c5

Marcus please can we have an answer?  How can I update those openSUSE:Backports trees for SLE on OBS

Comment 6 Marcus Meissner 2021-09-20 07:31:21 UTC

The reason is that transfig was shipped only in the Workstation Extension, so it was ALSO added to Packagehub (openSUSE:Backports:SLE-15*:Update)


They are community maintained, incorrectly linked by the packagehub team and were not updated in sync.

I will try to link openSUSE:Backports:SLE-15-SP2:Update to Leap 15.2, which gets it from SUSE:SLE-15:Update.

for openSUSE:Backports:SLE-15-SP3:Update, you can submit it there yourself if you want, i can also manually sync it over.

Comment 7 Dr. Werner Fink 2021-10-07 08:33:43 UTC

Now QA seems to be done (see below) can we now check if this bug is still valid? 

/suse/werner> osc ls openSUSE:Backports:SLE-15-SP3:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP3:Update transfig.16970 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> osc ls openSUSE:Backports:SLE-15-SP2:Update transfig
_link
# -> openSUSE:Backports:SLE-15-SP2:Update transfig.16971 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec
/suse/werner> isc ls SUSE:SLE-11:Update transfig
_link
# -> SUSE:SLE-11:Update transfig.20308 (latest)
6827c09d.patch
fig2dev-3.2.6-fig2mpdf-doc.patch
fig2dev-3.2.6-fig2mpdf.patch
fig2dev-3.2.6a-RGBFILE.patch
fig2dev-3.2.8a.tar.xz
transfig-3.2.8.dif
transfig-fix-afl.patch
transfig.changes
transfig.spec

Comment 8 OBSbugzilla Bot 2021-10-26 14:40:28 UTC

This is an autogenerated message for OBS integration:
This bug (1190616) was mentioned in
https://build.opensuse.org/request/show/927524 Factory / transfig

Comment 11 Swamp Workflow Management 2021-10-29 19:23:26 UTC

SUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    transfig-3.2.8b-4.15.1
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    transfig-3.2.8b-4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2021-10-29 19:25:38 UTC

openSUSE-SU-2021:3584-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    transfig-3.2.8b-4.15.1

Comment 13 Swamp Workflow Management 2021-10-29 19:32:34 UTC

SUSE-SU-2021:3585-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud Crowbar 8 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 9 (src):    transfig-3.2.8b-2.20.1
SUSE OpenStack Cloud 8 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP5 (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    transfig-3.2.8b-2.20.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    transfig-3.2.8b-2.20.1
HPE Helion Openstack 8 (src):    transfig-3.2.8b-2.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2021-11-02 14:21:20 UTC

SUSE-SU-2021:14836-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2021-32280
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    transfig-3.2.8b-160.16.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    transfig-3.2.8b-160.16.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2021-11-02 17:22:28 UTC

openSUSE-SU-2021:1439-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    transfig-3.2.8b-lp152.6.9.1

Comment 16 Swamp Workflow Management 2021-11-07 23:17:07 UTC

openSUSE-SU-2021:1458-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    transfig-3.2.8b-bp152.3.6.2

Comment 17 Swamp Workflow Management 2021-11-18 14:20:30 UTC

openSUSE-SU-2021:1481-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1189325,1189343,1189345,1189346,1190607,1190611,1190612,1190615,1190616,1190617,1190618,1192019
CVE References: CVE-2020-21529,CVE-2020-21530,CVE-2020-21531,CVE-2020-21532,CVE-2020-21533,CVE-2020-21534,CVE-2020-21535,CVE-2020-21680,CVE-2020-21681,CVE-2020-21682,CVE-2020-21683,CVE-2021-32280
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP3 (src):    transfig-3.2.8b-bp153.3.6.3