| Summary: | exempi new security issues CVE-2018-7728 and CVE-2018-7730 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | herman.viaene, smelror, sysadmin-bugs |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-32-OK MGA6-64-OK | ||
| Source RPM: | exempi-2.2.2-16.mga6.src.rpm | CVE: | CVE-2018-7728 CVE-2018-7730 |
| Status comment: | |||
Description
David Walser
2018-03-18 23:24:09 CET
David Walser
2018-03-18 23:24:24 CET
Whiteboard: (none) => MGA6TOO

Stig-Ørjan Smelror
2018-03-19 09:12:57 CET
Version: Cauldron => 6

Cauldron updated to version 2.4.5.

Advisory
========

Exempi has been updated to fix two security issues.

CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow

CVE-2018-7730: Specially crafted Excel files could have been used to cause a denial of service via a heap-based buffer overflow

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7730

Files
=====

Uploaded to core/updates_testing:

lib64exempi-devel-2.2.2-16.1.mga6.x86_64.rpm
lib64exempi3-2.2.2-16.1.mga6.x86_64.rpm

from exempi-2.2.2-16.1.mga6.src.rpm

Assignee: smelror => qa-bugs

Stig-Ørjan, did you investigate if exiv2 is affected?

MGA5-32 on Dell Latitude D600 Mate
No installation issues
Found libexempi required by eom.
Checked with strace that libexempi is called by eom, and could open metadata of picture correctly.

CC: (none) => herman.viaene

To test: M6/64
It seems as if CVE-2018-7728 has a PoC:
https://bugs.freedesktop.org/show_bug.cgi?id=105205
also CVE-2018-7730:
https://bugs.freedesktop.org/show_bug.cgi?id=105204
I will try these shortly, just in case they show something +ve.

Advisory done from c2 + ref from c0.

Lewis Smith
2018-03-22 20:13:27 CET
Keywords: (none) => advisory

Testing M6/64
BEFORE update: lib64exempi3-2.2.2-16.mga6
Trying the PoCs.
$ exempi -x exempi-MD5-152-overflow
processing file exempi-MD5-152-overflow
dump_xmp for file exempi-MD5-152-overflow
EOF in data block
$ exempi -x exempi-PSD_Handler-166-overflow
processing file exempi-PSD_Handler-166-overflow
dump_xmp for file exempi-PSD_Handler-166-overflow
Segmentation fault (core dumped)
AFTER update: lib64exempi3-2.2.2-16.1.mga6
$ exempi -x exempi-MD5-152-overflow
Same output as before...
$ exempi -x exempi-PSD_Handler-166-overflow
processing file exempi-PSD_Handler-166-overflow
dump_xmp for file exempi-PSD_Handler-166-overflow
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.1.2">
lots of correct looking XML
</x:xmpmeta>
which *is* proof +ve.
Trying on some TIF images,
$ exempi -x <filename>
always output correct XML data. This does use the library:
$ strace exempi -x start.tif 2>&1 | grep libexempi
open("/lib64/libexempi.so.3", O_RDONLY|O_CLOEXEC) = 3
Following Herman's lead, viewers using this library are:
eog, eom, xviewer
I installed both eog & eom, but *neither* recognised TIF files at all. I reverted the library, same result; so that was not due to the update. But what are they missing? OKing the update anyway.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0183.html

Resolution: (none) => FIXED
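
The before/after PoC check from the QA comment above, as an added shell example that is not part of the bug report or of Mageia's tooling. `classify_run` and `verdict` are hypothetical helper names, and treating a shell status above 128 as death by signal is an assumption about how the tested command exits.

```shell
#!/bin/sh
# Added example (not from the bug report): record how a sample file is handled
# before and after a library update, then compare the two results.

# classify_run FILE CMD [ARGS...]
# Runs "CMD ARGS FILE" and prints one of:
#   crash  - killed by a signal (status > 128, e.g. 139 for SIGSEGV); assumes
#            the command never exits normally with a status above 128
#   xmp    - output contains an <x:xmpmeta packet
#   reject - ended normally without XMP (e.g. "EOF in data block")
classify_run() {
    file=$1; shift
    # "&& rc=0 || rc=$?" keeps the status without tripping `set -e`.
    out=$("$@" "$file" 2>&1) && rc=0 || rc=$?
    if [ "$rc" -gt 128 ]; then
        echo crash
    else
        case $out in
            *'<x:xmpmeta'*) echo xmp ;;
            *) echo reject ;;
        esac
    fi
}

# verdict BEFORE AFTER
# fixed          - crashed before the update, does not crash after it
# still-crashing - crashes with the updated package
# inconclusive   - no crash either way, so this sample proves nothing
verdict() {
    if [ "$2" = crash ]; then
        echo still-crashing
    elif [ "$1" = crash ]; then
        echo fixed
    else
        echo inconclusive
    fi
}

# Typical use, with the sample file name taken from the test log:
#   before=$(classify_run exempi-PSD_Handler-166-overflow exempi -x)
#   ... install the update from core/updates_testing ...
#   after=$(classify_run exempi-PSD_Handler-166-overflow exempi -x)
#   verdict "$before" "$after"
```

A sample that gives the same non-crashing output before and after, as the first file in the log did, comes out as `inconclusive` rather than as a pass.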