| Summary: | rawtherapee new security issues CVE-2017-13735, CVE-2017-14265, CVE-2017-14348 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, lewyssmith, marja11, nicolas.salguero, qa-bugs, security, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, has_procedure, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5TOO MGA6-64-OK MGA5-32-OK MGA6-32-OK | ||
| Source RPM: | rawtherapee-5.2-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | 21716 | ||
| Bug Blocks: | |||
|
Description
David Walser
2017-09-22 17:13:14 CEST
David Walser
2017-09-22 17:13:31 CEST
Source RPM:
libraw-0.18.2-1.mga6.src.rpm =>
rawtherapee-5.2-1.mga7.src.rpm Assigning to the registered maintainer. Assignee:
bugsquad =>
mrambo
David Walser
2017-09-25 16:53:30 CEST
Summary:
rawtherapee new security issues CVE-2017-13735 and CVE-2017-14265 =>
rawtherapee new security issues CVE-2017-13735, CVE-2017-14265, CVE-2017-14348 Patched package uploaded for cauldron, Mageia 6 and 5. Advisory: ======================== Patched rawtherapee package fixes security vulnerabilities: It was discovered that rawtherapee had a floating point exception in the kodak_radc_load_raw function in dcraw.cc (CVE-2017-13735). It was discovered that rawtherapee had a Heap-based 1 byte buffer overflow in the processCanonCameraInfo function in dcraw.c (CVE-2017-14348). It was discovered that rawtherapee had a Stack Buffer Overflow in xtrans_interpolate in dcraw.c that could allow a remote denial of service and code execution attack (CVE-2017-14265). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265 https://github.com/Beep6581/RawTherapee/issues/4061 https://github.com/Beep6581/RawTherapee/issues/4084 https://github.com/LibRaw/LibRaw/issues/99 ======================== Updated packages in core/updates_testing: ======================== rawtherapee-5.1-1.2.mga6 rawtherapee-4.1-4.2.mga5 from: rawtherapee-5.1-1.2.mga6.src.rpm rawtherapee-4.1-4.2.mga5.src.rpm Testing procedure https://bugs.mageia.org/show_bug.cgi?id=12693#c7 Whiteboard:
MGA6TOO, MGA5TOO =>
MGA5TOO Had a look at this for mga6::x86_64. There are PoCs, which need libraw tools. No package name for 64-bits so installed libraw-tools which supplies the multirender_test program in /bin. Downloaded some of the samples from the link in bug 12693#c7. About to check the PoCs. CC:
(none) =>
tarazed25 Summary of upstream PoCs CVE-2017-13735 https://bugzilla.redhat.com/show_bug.cgi?id=1483988 Expected output: $ multirender_test POC1 Processing file POC1 Floating point exception CVE-2017-14348 https://github.com/LibRaw/LibRaw/issues/100 ASAN testing $ raw-identify libraw-0.18.3-heap-buffer-overflow-processCanonCameraInfo.cr2 Aborting CVE-2017-14265 ASAN testing $ simple_dcraw crash-xtrans_interpolate-stack-overflow Aborting ---------------------------------------------------------------------------- Before update: $ multirender_test POC1 Processing file POC1 Floating point exception (core dumped) $ raw-identify libraw-0.18.3-heap-buffer-overflow-processCanonCameraInfo.cr2 Cannot decode libraw-0.18.3-heap-buffer-overflow-processCanonCameraInfo.cr2: Unsupported file format or not RAW file $ simple_dcraw crash-xtrans_interpolate-stack-overflow Segmentation fault (core dumped) ---------------------------------------------------------------------------- Installed updated rawtherapee After update: $ multirender_test POC1 Processing file POC1 Floating point exception (core dumped) $ raw-identify libraw-0.18.3-heap-buffer-overflow-processCanonCameraInfo.cr2 Cannot decode libraw-0.18.3-heap-buffer-overflow-processCanonCameraInfo.cr2: Unsupported file format or not RAW file $ simple_dcraw crash-xtrans_interpolate-stack-overflow $ The core dump for the first test is disappointing but the other two look OK. ---------------------------------------------------------------------------- Launched rawtherapee in the RAW images directory. The whole set of images was displayed. Used some of the controls to color-tag and rank images, cropped an image, used flip, flop and rotate. Opened images with a double-click and saved a couple of images in png and jpeg formats. Those displayed fine. Giving this an OK.
Len Lawrence
2017-09-29 17:01:00 CEST
Whiteboard:
MGA5TOO =>
MGA5TOO MGA6-64-OK Forgot the link for CVE-2017-14265 https://github.com/LibRaw/LibRaw/issues/99 MGA5-32 on Asus A6000VM Xfce No installation issues. Played around with lighting parameters of raw images, and save the result. All looks OK CC:
(none) =>
herman.viaene MGA6-32 on Asus A6000VM MATENo installation issues. Played around with lighting parameters of raw images, and save the result. This laptop is too slow to do much more.All looks OK Whiteboard:
MGA5TOO MGA6-64-OK MGA5-32-OK =>
MGA5TOO MGA6-64-OK MGA5-32-OK MGA6-32-OK Advisory from comments 2 & 0. Validating, 3/4 confirmations. Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0359.html Resolution:
(none) =>
FIXED |