[Secure-testing-team] Bug#863481: [node-concat-stream] Uninitialized Memory Exposure

2017-05-27 Thread Bastien ROUCARIÈS
Package: node-concat-stream
Version: 1.5.1-1
Severity: grave
Tags: patch security fixed-upstream fixed-in-experimental
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: https://snyk.io/vuln/npm:concat-stream:20160901

Overview

concat-stream is a writable stream that concatenates strings or binary data and 
calls a callback with the result. Affected versions of the package are 
vulnerable to Uninitialized Memory Exposure.

A possible memory disclosure vulnerability exists when a value of type number 
is provided to the stringConcat() method and results in concatenation of 
uninitialized memory to the stream collection.

This is a result of unobstructed use of the Buffer constructor, whose insecure 
default constructor increases the odds of memory leakage.

___
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
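
Added example (not part of the original report and not concat-stream's own code): the failure mode described in Bug#863481, next to a type-checked variant, using hypothetical helper names. Current Node.js zero-fills `new Buffer(n)`, so `Buffer.allocUnsafe()` stands in for the legacy constructor behaviour.

```javascript
'use strict';
// Hypothetical helpers illustrating the report above; not concat-stream's code.

// Legacy pattern: hand every non-Buffer chunk to the Buffer constructor.
// In older Node.js releases `new Buffer(64)` meant "allocate 64 bytes" and
// left them uninitialized. Buffer.allocUnsafe() reproduces that here.
function legacyToBuffer(chunk) {
  if (Buffer.isBuffer(chunk)) return chunk;
  if (typeof chunk === 'number') return Buffer.allocUnsafe(chunk);
  return Buffer.from(String(chunk), 'utf8');
}

// Hardened pattern: decide by type first; a number is data, never a length.
function safeToBuffer(chunk) {
  if (Buffer.isBuffer(chunk)) return chunk;
  if (typeof chunk === 'string') return Buffer.from(chunk, 'utf8');
  if (typeof chunk === 'number') return Buffer.from(String(chunk), 'utf8');
  throw new TypeError('unsupported chunk type: ' + typeof chunk);
}

// Convert every chunk with the chosen strategy and join the results.
function concatChunks(chunks, toBuffer) {
  return Buffer.concat(chunks.map(toBuffer));
}

// Constructed input: a number reaches the stream where a string was expected,
// for example a field taken from parsed JSON.
const chunks = ['id=', 64, ';'];

const legacy = concatChunks(chunks, legacyToBuffer);
const safe = concatChunks(chunks, safeToBuffer);

// The legacy result carries 64 bytes that the caller never supplied.
console.log('legacy bytes:', legacy.length);
console.log('safe output :', JSON.stringify(safe.toString('utf8')));
```

The extra 64 bytes in the legacy result are whatever the allocator left in that region, which is why a number reaching the stream is an information-disclosure problem and not only a formatting bug.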

[Secure-testing-team] Bug#856883: [src:imagemagick] Fixed fd leak for webp coder

2017-03-05 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5

Does not affect Debian due to webp not being compiled by default. So not important.

Fixed in 126c7c98ea788241922c30df4a5633ea692cf8df




[Secure-testing-team] Bug#856881: [src:imagemagick] Avoid null pointer dereference in xcf coder

2017-03-05 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5

Fixed in d31fec57e9dfb0516deead2053a856e3c71e9751

From Андрей Черный


[Secure-testing-team] Bug#856882: [src:imagemagick] Added missing null check in psd coder

2017-03-05 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5

Fixed in 7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94




[Secure-testing-team] Bug#856880: [src:imagemagick] Fixed memory leak when creating nested exceptions in Magick++

2017-03-05 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5
forwarded: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=23=142634

Fixed in 3358f060fc182551822576b2c0a8850faab5d543


[Secure-testing-team] Bug#856878: [src:imagemagick] Assertion failure in TGA coder

2017-03-05 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version: 8:6.6.0.4-3
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
control: found -1 8:6.7.7.10-5
control: found -1 8:6.8.9.9-5
forwarded: https://github.com/ImageMagick/ImageMagick/pull/359.

Fixed in 65f75a32a93ae4044c528a987a68366ecd4b46b9. Low impact (DOS only)


[Secure-testing-team] Bug#851485: [imagemagick] ipl file missing malloc check

2017-01-15 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Fixed 
https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20



[Secure-testing-team] Bug#851483: [imagemagick] wpg file off by one

2017-01-15 Thread Bastien ROUCARIÈS
Package: src:imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Fix an off-by-one error 
Fixed 
https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9



[Secure-testing-team] Bug#851382: [imagemagick] memory leak in MPC file handling

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: 
https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738

Fixed here 
https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738


[Secure-testing-team] Bug#851381: [imagemagick] Crash - PushQuantumPixel - Heap-Buffer-Overflow (TIFF)

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: 
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3=31161

Fixed here 
https://github.com/ImageMagick/ImageMagick/commit/c073a7712d82476b5fbee74856c46b88af9c3175



[Secure-testing-team] Bug#851380: [imagemagick] memory leak in caption and label handling

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: 
https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456

Fixed here 
https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456



[Secure-testing-team] Bug#851377: [imagemagick] out of bound in psd file handling

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: https://github.com/ImageMagick/ImageMagick/issues/350

Memory corruption via a PSB file, another one.

Please open a CVE or merge with upstream #347, #348



[Secure-testing-team] Bug#851376: [imagemagick] memory corruption heap overflow

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: https://github.com/ImageMagick/ImageMagick/issues/348

Memory corruption via a PSB file, another one.

Please open a CVE or merge with upstream #347



[Secure-testing-team] Bug#851374: [imagemagick] memory corruption heap overflow

2017-01-14 Thread Bastien ROUCARIÈS
Package: imagemagick
Version:  8:6.7.7.10-5
Severity: serious
Tags: patch security fixed-upstream
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
forwarded: https://github.com/ImageMagick/ImageMagick/issues/347

A specially crafted PSB file creates a memory corruption.

Please open a CVE



[Secure-testing-team] Bug#851307: [vtable-dumper] New upstream version fixing securities bug

2017-01-13 Thread Bastien ROUCARIÈS
Package: vtable-dumper
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Hi,

vtable dumper could be run from a network process in order to test remote 
binaries.

The newer version fixes some security bugs like off-by-ones, segfaults and memory leaks.

Thanks


[Secure-testing-team] Bug#823750: [imagemagick] Multiple security problems

2016-05-08 Thread Bastien ROUCARIÈS
Package: imagemagick
Version: 8:6.7.7.10-5
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Hi,

After CVE-2016-3718 I did an audit of the upstream source code and bugzilla, and I 
found a few security bugs.

I will send some descriptions in follow-ups to this bug.

Dear security team, could you ask for a CVE? I have a newborn to take care of, and I 
try my best to get imagemagick and my newborn in good shape, but I lack time.

Bastien



[Secure-testing-team] Bug#773823: [src:libpng1.6] Heap overflow

2014-12-23 Thread bastien ROUCARIÈS
Package: src:libpng1.6
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

According to http://seclists.org/oss-sec/2014/q4/1133
libpng (embedded in your package) has a heap overflow.

Thanks

Bastien



[Secure-testing-team] Bug#773824: [texlive-bin] Embeded libpng 1.6.13 Heap Overflow

2014-12-23 Thread bastien ROUCARIÈS
Package: texlive-bin
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

According to http://seclists.org/oss-sec/2014/q4/1133
libpng (embedded in your package) has a heap overflow.

Thanks

Bastien


[Secure-testing-team] Bug#727122: [gitolite3] Do not create a test-repo with @all RW

2013-10-22 Thread Bastien ROUCARIÈS
Package: gitolite3
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

By default the gitolite3 install creates a test repo (see gitolite.conf):

    repo testing:
    RW+ = @all

This repository is writable by everyone and could lead to a remote DoS 
(disk full).

Bastien



[Secure-testing-team] Bug#692367: [imagemagick][patch][mentors] Three Security leading to DOS

2012-11-05 Thread Bastien ROUCARIÈS
Package: imagemagick
Version: 8:6.7.7.10-4
Severity: serious
Tags: patch security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Current imagemagick version 8:6.7.7.10-4 is unsuitable for release due to 
(under my own analysis) three memory leaks:
  * Fix a memory leak: variables used after setjmp need to be volatile.
    Fix jpeg and png coder.
  * Fix a memory leak: in webp handling add a forgotten WebPPictureFree
  * Fix another memory leak in case of corrupted image in magick++ read 
    method.

According to my own analysis the risk is only a local DoS.

These bugs should nevertheless be fixed before wheezy. I have prepared a package 
for stable-security if needed and I could upload in a few minutes to mentors 
if needed by the security team.

Bastien

-- 
Dr-Ing Bastien ROUCARIÈS Université de Cergy/SATIE ENS Cachan
