| Summary: | libjpeg new security issue CVE-2020-13790 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, mageia, sysadmin-bugs, tarazed25 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | libjpeg-2.0.4-2.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2020-06-12 22:29:09 CEST
David Walser
2020-06-12 22:29:15 CEST
Whiteboard: (none) => MGA7TOO

In the absence of a registered maintainer, assigning to DavidG as the active maintainer of this SRPM.

Assignee: bugsquad => geiger.david68210

Done for both Cauldron and mga7!

Advisory:
========================

Updated libjpeg packages fix security vulnerability:

libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file (CVE-2020-13790).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790
https://usn.ubuntu.com/usn/usn-4386-1
========================

Updated packages in core/updates_testing:
========================
libjpeg8-2.0.4-1.1.mga7
libjpeg62-2.0.4-1.1.mga7
libturbojpeg0-2.0.4-1.1.mga7
libjpeg-devel-2.0.4-1.1.mga7
libjpeg-static-devel-2.0.4-1.1.mga7
jpeg-progs-2.0.4-1.1.mga7

from libjpeg-2.0.4-1.1.mga7.src.rpm

Assignee: geiger.david68210 => qa-bugs

mga7, x86_64

CVE-2020-13790
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433

$ valgrind -q cjpeg reproducer
==6825== Invalid read of size 1
==6825== at 0x403D5A: ??? (in /usr/bin/cjpeg)
==6825== by 0x4025F2: main (in /usr/bin/cjpeg)
==6825== Address 0x4ad0dba is 6 bytes before a block of size 15,927 alloc'd
==6825== at 0x4834753: malloc (vg_replace_malloc.c:309)
[...]
Premature end of input file
$ cjpeg reproducer
Premature end of input file

Ran the updates.

$ valgrind -q cjpeg reproducer
Premature end of input file
$ cjpeg reproducer
Premature end of input file

Problem fixed by the look of it.

Repeating utility tests reported in Bug 25296 - just cut and paste. Results are current.

$ wrjpgcom -comment "Experimental comment for QA" newfile.jpg > withcomment.jpg
$ rdjpgcom withcomment.jpg
Experimental comment for QA
$ jpegtran -flip horizontal JessicaAlba.jpg > flipped.jpg
$ jpegtran -flip vertical LochLubnaig_4.jpg > upsidedown.jpg
$ jpegtran -transpose workspace.jpg > work1.jpg
$ jpegtran -transverse workspace.jpg > work2.jpg
$ jpegtran -grayscale JessicaAlba.jpg > greyscale.jpg
$ jpegtran -perfect -rotate 90 work1.jpg > work3.jpg
$ jpegtran -crop 800x640+300+200 workspace.jpg > work4.jpg
$ eom flipped.jpg upsidedown.jpg work* greyscale.jpg

Each image looked as expected. Everything looks fine.

Whiteboard: (none) => MGA7-64-OK
Len Lawrence
2020-06-16 19:10:47 CEST
Whiteboard: MGA7-64-OK => (none)

Forgot to look at cjpeg which has multiple options. Sticking to the simplest.

$ cjpeg -quality 70 test.ppm > test.jpg
$ ll test*
-rw-r--r-- 1 lcl lcl 11196343 Jun 16 18:13 test.jpg
-rw-r--r-- 1 lcl lcl 2147490094 Nov 15 2019 test.ppm
$ identify test.*
test.jpg JPEG 26755x26755 26755x26755+0+0 8-bit sRGB 10.6777MiB 0.000u 0:00.000
test.ppm PPM 26755x26755 26755x26755+0+0 8-bit sRGB 2.00001GiB 3.970u 0:02.974

display takes forever to render the jpeg image. It provides a pan icon. This may have exceeded some internal limits for ImageMagick so it seemed wise to crash it. eom crashes anyway. The test image seems to have a valid header.

Tried something more reasonable.

$ cjpeg -quality 50 JessicaAlba.ppm > jessica_x.jpg
$ ll JessicaAlba.ppm jessica_x.jpg
-rw-r--r-- 1 lcl lcl 3225616 Jun 19 2019 JessicaAlba.ppm
-rw-r--r-- 1 lcl lcl 61239 Jun 16 18:33 jessica_x.jpg
$ identify JessicaAlba.ppm jessica_x.jpg
JessicaAlba.ppm PPM 1200x896 1200x896+0+0 8-bit sRGB 3.07619MiB 0.010u 0:00.006
jessica_x.jpg JPEG 1200x896 1200x896+0+0 8-bit sRGB 61239B 0.000u 0:00.000

There was no discernible difference when the images were compared using display. Good enough.

Whiteboard: (none) => MGA7-64-OK

Validating. Advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Nicolas Lécureuil
2020-06-19 11:26:16 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0267.html

Status: NEW => RESOLVED