| Summary: | libexif new security issue CVE-2018-20030 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, sysadmin-bugs, tarazed25 |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK | ||
| Source RPM: | libexif-0.6.21-9.2.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-02-16 17:40:14 CET
mga6, x86_64
Installed the current packages.
CVE-2018-20030
DOS vulnerability.
No POC available.
$ strace -o trace eom Sutherland_1.jpg
Manipulated the image.
$ grep exif trace
open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libexif.so.12.3.3", O_RDONLY) = 3
$ strace -o trace eog LochCluanie_10.jpg
Rotated the image then browsed other images.
$ grep exif trace
open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libexif.so.12.3.3", O_RDONLY) = 3
open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/libexif-12.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/libexif-12.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/libexif-12.mo", O_RDONLY) = 11
Ran caja and selected an imaged directory and clicked on an image, which was displayed via eom.
Ran the GIMP under strace, selected an image, scaled it, changed contrast and brightness and saved it as an xcf file.
$ grep exif trace
write(13, "\0\0\0\35plug-in-metadata-decode-exif"..., 512) = 512
read(10, "plug-in-metadata-decode-exif\0", 29) = 29
read(10, "plug-in-metadata-decode-exif\0", 29) = 29
read(10, "plug-in-metadata-decode-exif\0", 29) = 29
read(10, "plug-in-metadata-decode-exif\0", 29) = 29
Does that relate to libexif?
Installed feh and ran that under strace. Displayed an image, switched fullscreen and back, rotated the image and showed information.
$ grep exif trace
open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3
Looks like it is working fine.CC:
(none) =>
tarazed25
Dave Hodgins
2019-02-20 22:01:06 CET
Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0095.html Status:
NEW =>
RESOLVED |