| Summary: | exiv2 new security issue CVE-2019-20421 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | exiv2-0.27.1-3.2.mga7.src.rpm | CVE: | CVE-2019-20421 |
| Status comment: | |||
|
Description
David Walser
2020-02-07 21:18:21 CET
David Walser
2020-02-07 21:18:29 CET
Whiteboard:
(none) =>
MGA7TOO Suggested advisory: ======================== The updated packages fix a security vulnerability: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2019-20421) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20421 https://usn.ubuntu.com/4270-1/ ======================== Updated packages in core/updates_testing: ======================== exiv2-0.27.1-3.3.mga7 lib(64)exiv2_27-0.27.1-3.3.mga7 lib(64)exiv2-devel-0.27.1-3.3.mga7 exiv2-doc-0.27.1-3.3.mga7 from SRPMS: exiv2-0.27.1-3.3.mga7.src.rpm Status:
NEW =>
ASSIGNED Mageia7, x86_64 CVE-2019-20421 https://github.com/Exiv2/exiv2/issues/1011 $ exiv2 Jp2Image_readMetadata_loop.poc File name : Jp2Image_readMetadata_loop.poc File size : 738 Bytes MIME type : image/pgf Image size : 1007160575 x 1781334193 Jp2Image_readMetadata_loop.poc: No Exif data found in the file No infinite loop and a tidy exit which implies that the fix was already in place before the update but note that the upstream note says the fault -can- lead to an infinite loop. This system is starting at exiv2-0.27.1-3.2.mga7. Updated the four packages. $ exiv2 Jp2Image_readMetadata_loop.poc Exiv2 exception in print action for file Jp2Image_readMetadata_loop.poc: corrupted image metadata This differs from the earlier test but seems to confirm the fix. The library is used by various image viewers, nautilus, mythtv, okular, gimp, astronomy packages, gnome-shell, digikam, darktable .... $ strace -o dark.trace darktable $ grep exiv2 dark.trace openat(AT_FDCWD, "/lib64/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = 3 openat(AT_FDCWD, "/usr/lib64/libexiv2.so.0.27.1", O_RDONLY) = 3 $ exiv2 JessicaAlba.tif File name : JessicaAlba.tif File size : 3229613 Bytes MIME type : image/tiff Image size : 1200 x 896 .... $ exiv2 -c "QA testing" TatianaMaslany.jpg $ strings TatianaMaslany.jpg | grep QA QA testing QA)E .... $ exiv2 -pc TatianaMaslany.jpg QA testing gthumb displays Exif information for selected images. $ strace -o thumb.trace gthumb . $ grep exiv2 thumb.trace openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/exiv2_tools.extension", O_RDONLY) = 25 openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/libexiv2_tools.so", O_RDONLY|O_CLOEXEC) = 24 openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/lib64/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = 24 stat("/usr/lib64/gthumb/extensions/libexiv2_tools.so", {st_mode=S_IFREG|0755, st_size=148064, ...}) = 0 This looks fine for 64-bits. Whiteboard:
(none) =>
MGA7-64-OK Thank you, Len. Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Thomas Backlund
2020-02-13 11:07:29 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0084.html Status:
ASSIGNED =>
RESOLVED |