Bugzilla – Bug 853824
VUL-0: CVE-2013-6425: pixman: integer underflow when handling trapezoids
Last modified: 2014-01-28 14:04:43 UTC
CVE-2013-6425
An integer underflow flaw was found in pixman when handling trapezoids. If an application using pixman opened a crafted document, it could cause the application to crash.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6425
https://bugzilla.redhat.com/show_bug.cgi?id=1037975
https://bugs.freedesktop.org/show_bug.cgi?id=67484
https://bugs.freedesktop.org/attachment.cgi?id=87925
The SWAMPID for this issue is 55337. This issue was rated as moderate. Please submit fixed packages until 2013-12-19. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
bugbot adjusting priority
Federico - can you look into this ...
Sure, I'm on it.
Thanks for doing this for SLE, Frederic :) Here are the submitreq IDs for openSUSE:
openSUSE-12.2-Update - #211767
openSUSE-12.3-Update - #211768
openSUSE-13.1-Update - #211769
Reassigning to security-team for the release.
This is an autogenerated message for OBS integration: This bug (853824) was mentioned in
https://build.opensuse.org/request/show/211767 12.2 / pixman
https://build.opensuse.org/request/show/211768 12.3 / pixman
https://build.opensuse.org/request/show/211769 13.1 / pixman
openSUSE-SU-2014:0007-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 853824
CVE References: CVE-2013-6425
Sources used:
openSUSE 12.3 (src): pixman-0.28.2-2.4.1

openSUSE-SU-2014:0011-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 853824
CVE References: CVE-2013-6425
Sources used:
openSUSE 12.2 (src): pixman-0.24.4-4.8.1

openSUSE-SU-2014:0014-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 853824
CVE References: CVE-2013-6425
Sources used:
openSUSE 13.1 (src): pixman-0.30.2-2.5.1
released
Update released for: libpixman-1-0, libpixman-1-0-devel Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: libpixman-1-0, libpixman-1-0-devel Products: SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: libpixman-1-0, libpixman-1-0-devel Products: SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0023-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 853824
CVE References: CVE-2013-6425
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): pixman-0.24.4-0.15.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (src): pixman-0.16.0-1.4.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): pixman-0.24.4-0.15.1
SUSE Linux Enterprise Server 11 SP3 (src): pixman-0.24.4-0.15.1
SUSE Linux Enterprise Server 11 SP2 for VMware (src): pixman-0.16.0-1.4.1
SUSE Linux Enterprise Server 11 SP2 (src): pixman-0.16.0-1.4.1
SUSE Linux Enterprise Desktop 11 SP3 (src): pixman-0.24.4-0.15.1
SUSE Linux Enterprise Desktop 11 SP2 (src): pixman-0.16.0-1.4.1
openSUSE-SU-2014:0145-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 853824
CVE References: CVE-2013-6425
Sources used:
openSUSE 11.4 (src): pixman-0.20.0-6.1