Bug 15915

Summary: libraw integer overflow security issue in darktable (CVE-2015-3885)
Product: Mageia Reporter: Rémi Verschelde <rverschelde>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser, sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/644511/
Whiteboard: has_procedure advisory mga4-32-ok mga4-64-ok
Source RPM: darktable CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 15910    

Description Rémi Verschelde 2015-05-12 14:44:20 CEST 
+++ This bug was initially created as a clone of Bug #15910 +++

An advisory has been issued today (May 11):
http://www.ocert.org/advisories/ocert-2015-006.html

Darktable 1.2.3-4.2 in Mageia 4 and 1.6.3-1 in Mageia 5 both bundle libraw 0.14.7 and are therefore also vulnerable.
Rémi Verschelde 2015-05-12 14:44:41 CEST

Blocks: (none) => 15910
Depends on: 15910 => (none)
Source RPM: libraw, dcraw, ufraw, rawtherapee, kodi, darktable => darktable

Comment 1 Rémi Verschelde 2015-05-12 14:45:21 CEST 
Removing unneeded CCs, it looks like cloning bug 15910 was not the best procedure :)

CC: anssi.hannula, fundawang, jani.valimaa, rverschelde, shlomif => (none)

Rémi Verschelde 2015-05-12 14:45:35 CEST

Assignee: bugsquad => rverschelde

Comment 2 Rémi Verschelde 2015-05-12 14:52:50 CEST 
darktable-1.2.3-4.3.mga4 submitted to Mageia 4 core/updates_testing.
Freeze push requested for darktable-1.6.6-1.mga5 with the same patch.

Whiteboard: (none) => MGA4TOO

Comment 3 Rémi Verschelde 2015-05-12 22:32:59 CEST 
darktable-1.6.6-1.mga5 has been freeze pushed and should fix the issue for Mageia 5.

Version: Cauldron => 4
Whiteboard: MGA4TOO => (none)

Comment 4 Rémi Verschelde 2015-05-12 22:39:53 CEST 
Assigning to QA.

Suggested advisory:
===================

Updated darktable package fixes security vulnerability

  The dcraw tool bundled in darktable's libraw copy suffers from an integer
  overflow condition which leads to a buffer overflow. A maliciously crafted
  raw image file can be used to trigger the vulnerability, causing a Denial
  of Service condition.

  The bundled dcraw code has been patched to fix this vulnerability.

References:
 - http://www.ocert.org/advisories/ocert-2015-006.html
 - https://bugs.mageia.org/show_bug.cgi?id=15910
 - https://bugs.mageia.org/show_bug.cgi?id=15915

SRPM:
=====
- darktable-1.2.3-4.3.mga4

RPM:
====
- darktable-1.2.3-4.3.mga4

Assignee: rverschelde => qa-bugs

Comment 5 David Walser 2015-05-12 23:16:30 CEST 
Please add the CVE to the advisory (CVE-2015-3885).  You can use this reference unless the oCert advisory is updated to include the CVE:
http://openwall.com/lists/oss-security/2015/05/12/8

Summary: libraw integer overflow security issue in darktable => libraw integer overflow security issue in darktable (CVE-2015-3885)

Comment 6 claire robinson 2015-05-13 15:57:12 CEST 
Testing complete mga4 64

User darktable to open several types of raw image files

Whiteboard: (none) => has_procedure mga4-64-ok

Comment 7 claire robinson 2015-05-13 16:23:56 CEST 
Testing complete mga4 32, as comment 6

Whiteboard: has_procedure mga4-64-ok => has_procedure mga4-32-ok mga4-64-ok

Comment 8 claire robinson 2015-05-13 17:48:55 CEST 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 9 Mageia Robot 2015-05-13 19:19:43 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0222.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-14 17:35:43 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644511/