Bug 22565

Summary: jhead new security issue CVE-2018-6612
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, marja11, sysadmin-bugs, tmb
Version: 6Keywords: advisory, has_procedure, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK mga6-64-ok
Source RPM: jhead-3.00-3.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-02-10 22:03:25 CET 
openSUSE has issued an advisory today (February 10):
https://lists.opensuse.org/opensuse-updates/2018-02/msg00037.html

Mageia 6 is also affected.
David Walser 2018-02-10 22:03:33 CET

Whiteboard: (none) => MGA6TOO

David Walser 2018-02-10 22:05:48 CET

Status comment: (none) => Debian and openSUSE have patches

Comment 1 Marja Van Waes 2018-02-11 17:35:08 CET 
Assigning to the registered maintainer.

Assignee: bugsquad => jani.valimaa
CC: (none) => marja11

Comment 2 Jani Välimaa 2018-02-11 19:18:35 CET 
Pushed fixed version to cauldron and mga6 core/updates_testing.

mga6 RPM and SRPM:
jhead-3.00-3.1.mga6

Assignee: jani.valimaa => qa-bugs

Thomas Backlund 2018-02-11 19:21:43 CET

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
CC: (none) => tmb

Comment 3 David Walser 2018-02-11 20:46:21 CET 
Advisory:
========================

Updated jhead package fixes security vulnerability:

An integer underflow bug in the process_EXIF function of the exif.c file of
jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG
file, which may allow a remote attacker to cause a denial-of-service attack or
unspecified other impact (CVE-2018-6612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612
https://lists.opensuse.org/opensuse-updates/2018-02/msg00037.html

Status comment: Debian and openSUSE have patches => (none)

Comment 4 Herman Viaene 2018-02-15 11:24:51 CET 
MGA6-32 on Dell Latitude D600
No installation issues
At CLI:
$ jhead P7212393.jpeg 
File name    : P7212393.jpeg
File size    : 9573842 bytes
File date    : 2013:11:11 08:46:16
Camera make  : OLYMPUS IMAGING CORP.  
Camera model : E-500           
Date/Time    : 2012:07:21 15:04:00
Resolution   : 3340 x 2504
Flash used   : No
Focal length : 31.0mm
Exposure time: 0.0100 s  (1/100)
Aperture     : f/18.0
ISO equiv.   : 100
Whitebalance : Manual
Metering Mode: spot
Exposure     : shutter priority (semi-auto)
JPEG Quality : 100
is OK.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 5 claire robinson 2018-02-26 17:54:59 CET 
Testing complete mga6 64. Validating.

PoC here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272

Before
------
$ jhead poc

Nonfatal Error : 'poc' Suspicious offset of first Exif IFD value
Segmentation fault (core dumped)

After
-----
$ jhead poc

Nonfatal Error : 'poc' invalid offset for first Exif IFD value

Nonfatal Error : 'poc' Extraneous 32 padding bytes before section 5C

Error : Premature end of file?
in file 'poc'

Keywords: (none) => has_procedure, validated_update
Whiteboard: MGA6-32-OK => MGA6-32-OK mga6-64-ok
CC: (none) => sysadmin-bugs

claire robinson 2018-02-26 17:58:25 CET

Keywords: (none) => advisory

Comment 6 Mageia Robot 2018-02-27 00:41:48 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0146.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED