Bugzilla – Bug 994819
VUL-0: CVE-2016-6855: eog: out-of-bounds write in eog
Last modified: 2016-11-17 17:34:33 UTC
A version update is available for eog in Leap. Backported patch to eog in 13.2 Fixes CVE-2016-6855 out-of-bounds write
This is an autogenerated message for OBS integration: This bug (994819) was mentioned in https://build.opensuse.org/request/show/420993 13.2+42.1 / eog
Created attachment 688911
crashEOG.svg

QA REPRODUCER:
eog crashEOG.svg
https://bugzilla.gnome.org/show_bug.cgi?id=770143

So, this is indeed as I thought in comment 2. GMarkup in glib pre-2.44.1 could cause this out-of-bounds access if given invalid input (bug 631597). eog triggered this by passing invalid UTF8 to GMarkup.

I patched eog now to make sure the error messages in the ErrorMessageArea are valid UTF8. This also avoids the broken markup when using newer glib versions that wouldn't crash anymore.

I'll do new eog-3.18 and 3.20 releases and possibly also a 3.16 tarball containing this fix. I won't prepare older releases for now though as the demand for those should be rather small and LTS distros in my experience tend to prefer cherry-picking patches over newer tarballs anyway.

Thanks for reporting this.

commit e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
Author: Felix Riemann <>
Date:   Sun Aug 21 15:56:46 2016 +0200

    EogErrorMessageArea: Make sure error messages are valid UTF8

    GMarkup requires valid UTF8 input strings and would cause odd
    looking messages if given invalid input. This could also trigger an
    out-of-bounds write in glib before 2.44.1.

    Reported by kaslovdmitri.

    https://bugzilla.gnome.org/show_bug.cgi?id=770143
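Added example, not taken from the eog patch or from this bug report: the kind of check the upstream comment above describes, making an untrusted error string valid UTF-8 before it is handed to a markup parser. It is plain C without GLib so it runs stand-alone; the names make_valid_utf8 and utf8_seq_len are hypothetical, and replacing each bad byte with U+FFFD is an assumed policy, not necessarily what the patch does.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence starting at s (n bytes left),
 * or 0 if the bytes are not valid UTF-8 (RFC 3629 rules: no overlongs,
 * no surrogates, nothing above U+10FFFF). Hypothetical helper. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char c = s[0];
    size_t len, i;
    unsigned long cp;

    if (c < 0x80) return 1;
    if (c >= 0xC2 && c <= 0xDF)      { len = 2; cp = c & 0x1F; }
    else if (c >= 0xE0 && c <= 0xEF) { len = 3; cp = c & 0x0F; }
    else if (c >= 0xF0 && c <= 0xF4) { len = 4; cp = c & 0x07; }
    else return 0;                   /* stray continuation, C0/C1, F5+ */
    if (len > n) return 0;           /* truncated sequence */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if (len == 3 && cp < 0x800) return 0;                      /* overlong */
    if (len == 4 && (cp < 0x10000 || cp > 0x10FFFF)) return 0; /* range */
    if (cp >= 0xD800 && cp <= 0xDFFF) return 0;                /* surrogate */
    return len;
}

/* Return a newly allocated copy of msg in which every byte that is not
 * part of valid UTF-8 is replaced by U+FFFD. Caller frees; NULL on error. */
char *make_valid_utf8(const char *msg)
{
    const unsigned char *s = (const unsigned char *)msg;
    size_t n = strlen(msg), i = 0, o = 0, len;
    char *out;

    if (n > (SIZE_MAX - 1) / 3) return NULL;  /* size computation overflow */
    out = malloc(n * 3 + 1);                  /* worst case: all replaced */
    if (!out) return NULL;
    while (i < n) {
        len = utf8_seq_len(s + i, n - i);
        if (len) { memcpy(out + o, s + i, len); o += len; i += len; }
        else     { memcpy(out + o, "\xEF\xBF\xBD", 3); o += 3; i += 1; }
    }
    out[o] = '\0';
    return out;
}
```

The sanitized string still has to be markup-escaped before display; validity of the encoding and escaping of markup characters are separate steps.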
Created attachment 688914
eog-CVE-2016-6855.patch

eog-CVE-2016-6855.patch attached to gnome bug
https://build.opensuse.org/request/show/420999
TW sub for ref.

All openSUSE should be taken care of already. See comment#1
What is missing is SLE (and fwd from SLE to Leap 42.2)

Adding some CC
Setting status to confirmed.
openSUSE-SU-2016:2242-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994819
CVE References: CVE-2016-6855
Sources used:
openSUSE Leap 42.1 (src): eog-3.16.5-9.1
openSUSE 13.2 (src): eog-3.14.5-13.1
+ +- Update to version 3.20.4 (boo#994819): + + Out-of-bounds fix (bgo#770143, CVE-2016-6855). + + eog leaks error message if loading an SVG fails (bgo#770197). + + Updated translations. + https://build.opensuse.org/request/show/422084 This is in Leap 42.2 now, so for openSUSE this bug should be all done.
Resolved fixed. Should there be sle updates still missing, feel free to reopen.
We need to update SLE12 (prior to SP2). I can't reproduce the crash on SLE 11-SP4.
bugbot adjusting priority
done
SUSE-SU-2016:2827-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994819
CVE References: CVE-2016-6855
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): eog-3.10.2-2.3.1
SUSE Linux Enterprise Server 12-SP1 (src): eog-3.10.2-2.3.1
SUSE Linux Enterprise Desktop 12-SP1 (src): eog-3.10.2-2.3.1