FEDORA-2019-76fbe24cab created by caolanm 2 years ago for Fedora 29
stable

CVE-2019-6978: double free in the gdImage*Ptr in gd_jpeg.c, and gd_wbmp.c

How to install

sudo dnf upgrade --advisory=FEDORA-2019-76fbe24cab

This update has been submitted for testing by caolanm.

2 years ago

This update has been pushed to testing.

2 years ago
User Icon mattf commented & provided feedback 2 years ago

I got dnf errors relating to this libwmf update and gimp. gimp-2.10.8-5.fc29 requires libwmf-0.2.so.7 and libwmflite-0.2.so.7, but libwmf-0.2.11-1.fc29 provides libwmf-0.2.so.8 and libwmf-lite-0.2.11-1.fc29 provides libwmflite-0.2.so.8. libabiword, GraphicsMagick, ImageMagick-libs also depend on libwmf-0.2.so.7 and/or libwmflite-0.2.so.7. Rebuilding gimp, libabiword, GraphicsMagick, ImageMagick to use this libwmf update might avoid further dnf errors. I filed the following report with more details https://bugzilla.redhat.com/show_bug.cgi?id=1671621

User Icon bluepencil commented & provided feedback 2 years ago

Such errors touches libabiword too:

package libabiword-1:3.0.2-13.fc29.x86_64 requires libwmf-0.2.so.7()(64bit), but none of the providers can be installed
  - cannot install both libwmf-0.2.11-1.fc29.x86_64 and libwmf-0.2.10-1.fc29.x86_64
User Icon kparal commented & provided feedback 2 years ago
karma
 Problem: problem with installed package ImageMagick-libs-1:6.9.9.38-3.fc29.x86_64
  - package ImageMagick-libs-1:6.9.9.38-3.fc29.x86_64 requires libwmflite-0.2.so.7()(64bit), but none of the providers can be installed
  - cannot install both libwmf-lite-0.2.11-1.fc29.x86_64 and libwmf-lite-0.2.10-1.fc29.x86_64
  - cannot install both libwmf-lite-0.2.10-1.fc29.x86_64 and libwmf-lite-0.2.11-1.fc29.x86_64
  - package libwmf-0.2.11-1.fc29.x86_64 requires libwmflite-0.2.so.8()(64bit), but none of the providers can be installed
  - cannot install the best update candidate for package libwmf-0.2.10-1.fc29.x86_64

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago
User Icon pwalter commented & provided feedback 2 years ago
karma

This breaks packages using libwmf as the soname changes.

This update has been unpushed.

besser82 edited this update.

New build(s):

  • GraphicsMagick-1.3.31-4.fc29
  • abiword-3.0.2-18.fc29
  • gimp-2.10.8-6.fc29
  • ImageMagick-6.9.9.38-4.fc29

Karma has been reset.

2 years ago

This update has been submitted for testing by besser82.

2 years ago

besser82 edited this update.

New build(s):

  • libwmf-0.2.12-1.fc29

Removed build(s):

  • abiword-3.0.2-18.fc29
  • gimp-2.10.8-6.fc29
  • GraphicsMagick-1.3.31-4.fc29
  • ImageMagick-6.9.9.38-4.fc29
  • libwmf-0.2.11-1.fc29

Karma has been reset.

2 years ago
User Icon besser82 commented & provided feedback 2 years ago

Rebuilt packages are not needed anymore as this NVR reverts the soname bump.

This update has been pushed to testing.

2 years ago
User Icon smithp commented & provided feedback 2 years ago
karma

+1

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by caolanm.

a year ago

This update has been submitted for stable by caolanm.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
a year ago
modified
2 years ago
BZ#1671392 CVE-2019-6978 libwmf: gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c [fedora-all]
0
0
BZ#1671621 gimp-2.10.8-5.fc29 requires libwmf-0.2.so.7 and libwmflite-0.2.so.7, but libwmf-0.2.11-1.fc29 provides libwmf-0.2.so.8 and libwmf-lite-0.2.11-1.fc29 provides libwmflite-0.2.so.8
0
0

Automated Test Results