Bug 15925

Summary: libraw new integer overflow security issue (CVE-2015-3885)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: sysadmin-bugs
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/644511/
Whiteboard: has_procedure advisory mga4-32-ok mga4-64-ok
Source RPM: libraw CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 15910    

Description David Walser 2015-05-13 16:18:47 CEST 
+++ This bug was initially created as a clone of Bug #15910 +++

An advisory has been issued today (May 11):
http://www.ocert.org/advisories/ocert-2015-006.html

Patched package uploaded for Mageia 4.  Updated package uploaded for Cauldron.

Advisory:
========================

Updated libraw packages fix security vulnerability:

The dcraw tool suffers from an integer overflow condition which lead to a
buffer overflow. The vulnerability concerns the 'len' variable, parsed without
validation from opened images, used in the ljpeg_start() function. A
maliciously crafted raw image file can be used to trigger the vulnerability,
causing a Denial of Service condition (CVE-2015-3885).

LibRaw contains a bundled copy of the affected code.  The libraw package has
been patched to fix this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
========================

Updated packages in core/updates_testing:
========================
libraw-tools-0.15.4-2.1.mga4
libraw9-0.15.4-2.1.mga4
libraw_r9-0.15.4-2.1.mga4
libraw-devel-0.15.4-2.1.mga4

from libraw-0.15.4-2.1.mga4.src.rpm
Comment 1 claire robinson 2015-05-13 16:33:00 CEST 
Can be tested by opening raw type images using shotwell, which requires libraw9, and luminance-hdr, which requires libraw_r9. Also raw-identify from libraw-tools.

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-05-13 16:58:26 CEST 
Testing complete mga4 64

Tested with nomacs rather than shotwell, others as comment 1.

Whiteboard: has_procedure => has_procedure mga4-64-ok

Comment 3 claire robinson 2015-05-13 17:12:22 CEST 
Testing complete mga4 32
claire robinson 2015-05-13 17:13:06 CEST

Whiteboard: has_procedure mga4-64-ok => has_procedure mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2015-05-13 17:55:43 CEST 
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-05-13 19:19:49 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0224.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-14 17:36:03 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644511/