Bug 971964 - (CVE-2016-3190) VUL-0: CVE-2016-3190: cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Antonio Larrosa
Security Team bot
https://smash.suse.de/issue/163550/
CVSSv2:RedHat:CVE-2016-3190:4.3:(AV:N...
Reported: 2016-03-21 14:50 UTC by Victor Pereira
Modified: 2016-07-19 12:36 UTC

Found By: Security Response Team


Description Victor Pereira 2016-03-21 14:50:25 UTC
rh#1318977

A vulnerability was found in cairo. A maliciously crafted file can cause an out-of-bounds read in the fill_xrgb32_lerp_opaque_spans function in cairo, thus crashing the software.

Upstream fix:

https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934

References:

http://seclists.org/oss-sec/2016/q1/675

External references:

https://mail.gnome.org/archives/gnome-announce-list/2015-March/msg00047.html

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1318977
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3190
http://seclists.org/oss-sec/2016/q1/676
Comment 1 Swamp Workflow Management 2016-03-21 23:00:44 UTC
bugbot adjusting priority
Comment 2 Scott Reeves 2016-03-25 20:03:23 UTC
Antonio - can you take this one...
Comment 3 Antonio Larrosa 2016-03-28 10:06:16 UTC
Sure!

I created a regular submit request to submit the fix to Devel:Desktop:SLE12:SP2/cairo in https://build.suse.de/request/show/106241 and I have the same fix prepared to be submitted in home:alarrosa:branches:SUSE:SLE-12:Update. Should I submit that to SUSE:SLE-12:Update too using the --nodevelproject option? Or is the first sr enough?
Comment 4 Antonio Larrosa 2016-03-29 15:37:28 UTC
After talking with fcrozat, I also created a submit request for SUSE:SLE-12:Update. https://build.suse.de/request/show/106380
Comment 5 Scott Reeves 2016-03-31 21:18:39 UTC
For SLE12 just the submission to SP1:Update is needed - I declined the SP2 submission. Can you also check if SLE11, openSUSE 13.2 or factory are vulnerable and if so submit there also?
Comment 6 Antonio Larrosa 2016-04-03 19:20:06 UTC
SLE11 has a version that is too old and doesn't seem to be affected. openSUSE Leap 42.1 and Factory have a modern version that is already fixed. But openSUSE 13.2 is indeed affected, so I submitted a patch (https://build.opensuse.org/request/show/383601).
Comment 7 Swamp Workflow Management 2016-04-12 10:09:27 UTC
openSUSE-SU-2016:1007-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 971964
CVE References: CVE-2016-3190
Sources used:
openSUSE 13.2 (src):    cairo-1.14.0-7.11.1
Comment 8 Swamp Workflow Management 2016-04-19 13:08:10 UTC
SUSE-SU-2016:1100-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 971964
CVE References: CVE-2016-3190
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    cairo-1.12.16-13.1
SUSE Linux Enterprise Software Development Kit 12 (src):    cairo-1.12.16-13.1
SUSE Linux Enterprise Server 12-SP1 (src):    cairo-1.12.16-13.1
SUSE Linux Enterprise Server 12 (src):    cairo-1.12.16-13.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    cairo-1.12.16-13.1
SUSE Linux Enterprise Desktop 12 (src):    cairo-1.12.16-13.1
Comment 9 Antonio Larrosa 2016-07-19 12:36:03 UTC
The fix was already released.