| Summary: | djvulibre new security issues CVE-2019-1514[2-5] and CVE-2019-18804 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, mageia, nicolas.salguero, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | djvulibre-3.5.27-5.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-11-23 17:25:33 CET
David Walser
2019-11-23 17:25:40 CET
Whiteboard:
(none) =>
MGA7TOO This package now has no maintainer, so assigning the bug globally. Assignee:
bugsquad =>
pkg-bugs Suggested advisory: ======================== The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. (CVE-2019-15142) In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. (CVE-2019-15143) In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h. (CVE-2019-15144) DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h. (CVE-2019-15145) DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. (CVE-2019-18804) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15142 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15143 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15144 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15145 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18804 https://usn.ubuntu.com/4198-1/ ======================== Updated packages in core/updates_testing: ======================== djvulibre-3.5.27-5.1.mga7 lib(64)djvulibre21-3.5.27-5.1.mga7 lib(64)djvulibre-devel-3.5.27-5.1.mga7 from SRPMS: djvulibre-3.5.27-5.1.mga7.src.rpm CC:
(none) =>
nicolas.salguero Installed and tested without issues. Tested using okular, djview4 and the various djvulibre tools. Tested with various djvu documents, ps documents and pdf documents. ps and pdf documents were converted to djvu documents using the djvulibre tools and viewed using both okular and djview4. Text was extracted from the djvu documents and compared. No issues noticed. djvu documents can be found at: http://www.djvu.org/resources/ $ uname -a Linux marte 5.3.11-desktop-1.mga7 #1 SMP Tue Nov 12 21:10:01 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep djvu | sort djvulibre-3.5.27-5.1.mga7 lib64djvulibre21-3.5.27-5.1.mga7 $ rpm -q okular djview4 okular-19.04.0-1.mga7 djview4-4.10.6-2.mga7 CC:
(none) =>
mageia Looks good to me. Validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Thomas Backlund
2019-11-30 12:31:40 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0346.html Resolution:
(none) =>
FIXED |