| Summary: | libexif new security issue CVE-2020-0452 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, nicolas.salguero, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | libexif-0.6.22-1.1.mga7.src.rpm | CVE: | CVE-2020-0452 |
| Status comment: | | | |
Description

David Walser 2020-11-11 00:20:04 CET
David Walser 2020-11-11 00:20:11 CET

Whiteboard: (none) => MGA7TOO

Ubuntu has issued an advisory for this today (November 10):
https://ubuntu.com/security/notices/USN-4624-1

Severity: normal => major

Suggested advisory:
========================

The updated packages fix a security vulnerability:

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0452)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0452
https://www.debian.org/security/2020/dsa-4786
https://ubuntu.com/security/notices/USN-4624-1
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.22-1.2.mga7
lib(64)exif12-0.6.22-1.2.mga7
lib(64)exif-devel-0.6.22-1.2.mga7

from SRPM:
libexif-0.6.22-1.2.mga7.src.rpm

CC: (none) => nicolas.salguero

MGA7-64 MATE on Peaq C1011
No installation issues.
Testing along the lines of previous updates.
$ exif IMG_20200328_172150.jpg
EXIF tags in 'IMG_20200328_172150.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag |Value
--------------------+----------------------------------------------------------
Image Width |1840
Image Length |3264
Bits per Sample |8, 8, 8
Manufacturer |HUAWEI
Model |VTR-L09
etc ......
Looks OK, but
$ exif RAW_NIKON_E5700_SRGB.NEF
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.
[tester7@mach6 RawORF]$ exif P7212389.ORF
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.
These are files that have been used in previous updates with success. Also opened the last one with UFRaw and there the exif info shows.

CC: (none) => herman.viaene

Mageia 7 Plasma x86_64

This update installs:
libexif12-common 0.6.22 1.2.mga7 x86_64
lib64exif12 0.6.22 1.2.mga7 x86_64

Installation OK.

$ exif /home/aurelien/Images/Smartphone/IMG_20200502_162603.jpg
Marqueurs EXIF dans « /home/aurelien/Images/Smartphone/IMG_20200502_162603.jpg » (ordre des octets « Motorola ») :
--------------------+----------------------------------------------------------
Marqueur |Valeur
--------------------+----------------------------------------------------------
Largeur de l'image |4000
Modèle |Mi 9T Pro
Longueur de l'image |2250
Orientation |Droit-haut
Date et heure |2020:05:02 16:26:05
Positionnement YCbCr|Centré
Unité de la résoluti|pouces
Résolution X |72
Résolution Y |72
Constructeur |Xiaomi
Orientation |Droit-haut
Compression |Compression JPEG
Unité de la résoluti|pouces
Résolution X |72
Résolution Y |72
Valeurs de vitesse I|112
Programme d'expositi|Programme normal
Nombre d'ouverture |f/1,8
Temps d'exposition |1/131 sec.
Méthode d'acquisitio|Non défini
Temps inférieur à la|874909
Temps inférieur à la|874909
Temps inférieur à la|874909
Longueur focale |4,8 mm
Flash |Le flash n'a pas déclenché, mode auto
Source lumineuse |D65
Mode de mesure |Pondération centrale
Type de capture de l|Standard
Longueur focale dans|26
Valeur d'ouverture m|1,61 EV (f/1,7)
Date et heure (numér|2020:05:02 16:26:05
Correction d'exposit|0,00 EV
Dimension Y du pixel|2250
Balance des blancs |Balance des blancs automatique
Date et heure (origi|2020:05:02 16:26:05
Luminosité |3,73 EV (45,46 cd/m²)
Dimension X du pixel|4000
Mode d'exposition |Exposition automatique
Ouverture |1,61 EV (f/1,7)
Configuration des co|Y Cb Cr -
Espace des couleurs |sRGB
Type de scène |Photographié directement
Vitesse d'obturation|7,03 EV (1/131 sec.)
Version d'exif |Exif version 2.2
FlashPixVersion |FlashPix version 1.0
Latitude Nord ou Sud|N
Latitude |49, 37, 3,3312
Longitude Est ou Oue|E
Longitude | 3, 12, 10,7891
Référence d'altitude|Niveau de la mer
Altitude |72,626
Heure GPS (horloge a|14:26:04,00
Nom de la méthode de|12 octets de données inconnues
Date GPS |2020:05:02
Index d'interopérabi|R98
Version d'interopéra|0100
--------------------+----------------------------------------------------------
Les données EXIF contiennent une vignette (11638 octets).

@Herman,

$ urpmq -i exif
Summary : Command line tools to access EXIF extensions in JPEG files
Description :
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags.

This package contains a command line frontend for the EXIF library.

I really don't think it can be tested on RAW files like NEF (NIKON)...

MGA7-OK-64 for me.

CC: (none) => ouaurelien
Aurelien Oudelet 2020-11-13 18:03:53 CET

Whiteboard: (none) => MGA7-64-OK

No installation issues. Using exif on an image from a Canon digital camera, I get the following:
$ exif IMG_0704.JPG
EXIF tags in 'IMG_0704.JPG' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag |Value
--------------------+----------------------------------------------------------
Manufacturer |Canon
Model |Canon PowerShot A540
Orientation |Left-bottom
X-Resolution |180
Y-Resolution |180
Resolution Unit |Inch
Date and Time |2020:08:06 20:43:34
YCbCr Positioning |Centered
Compression |JPEG compression
X-Resolution |180
Y-Resolution |180
Resolution Unit |Inch
Exposure Time |1/60 sec.
F-Number |f/2.6
Exif Version |Exif Version 2.2
Date and Time (Origi|2020:08:06 20:43:34
Date and Time (Digit|2020:08:06 20:43:34
Components Configura|Y Cb Cr -
Compressed Bits per | 5
Shutter Speed |5.91 EV (1/60 sec.)
Aperture |2.75 EV (f/2.6)
Exposure Bias |0.00 EV
Maximum Aperture Val|2.75 EV (f/2.6)
Metering Mode |Pattern
Flash |Flash fired, auto mode, red-eye reduction mode
Focal Length |5.8 mm
Maker Note |1882 bytes undefined data
User Comment |
FlashPixVersion |FlashPix Version 1.0
Color Space |sRGB
Pixel X Dimension |2816
Pixel Y Dimension |2112
Focal Plane X-Resolu|12515.556
Focal Plane Y-Resolu|12497.041
Focal Plane Resoluti|Inch
Sensing Method |One-chip color area sensor
File Source |DSC
Custom Rendered |Normal process
Exposure Mode |Auto exposure
White Balance |Auto white balance
Digital Zoom Ratio |1.0000
Scene Capture Type |Standard
Interoperability Ind|R98
Interoperability Ver|0100
RelatedImageWidth |2816
RelatedImageLength |2112
--------------------+----------------------------------------------------------
EXIF data contains a thumbnail (4491 bytes).
I saw similar data from images taken by an Olympus camera.
@Herman: Attempting to get exif data from a jpg image that wasn't directly from a camera, one that had been edited with The GIMP or created with a scanner, resulted in the same error messages you saw.
Validating. Advisory in Comment 2.

Keywords: (none) => validated_update

Urpmq --whatrequires shows Thunar to have lib64exif12 as a dependency, and Thunar also shows some exif data with the "Image" tab under "Properties" for jpg images that were directly from a camera, confirming the update.

Advisory pushed to SVN.

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0426.html

Status: ASSIGNED => RESOLVED
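The advisory above describes CVE-2020-0452 as an integer overflow in exif_entry_get_value that can turn a bad tag into an out-of-bounds write. As an added illustration of the defensive arithmetic involved (this is not libexif's code and is not part of the bug report), the following C reads one EXIF IFD entry from a constructed little-endian TIFF buffer and rejects any entry whose count times type size could wrap, or whose payload would fall outside the buffer; the sample bytes and helper names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Byte size of each TIFF/EXIF field type (index = type id 1..12); index 0 is unused. */
static const size_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Little-endian ("Intel" byte order) readers; the constructed sample uses that order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate one 12-byte IFD entry (tag, type, count, value/offset); offsets are relative
   to the TIFF header. Returns the payload size when count * type size cannot wrap and
   the payload lies inside the buffer, or -1 when the entry must be rejected. The
   subtraction form (len - off < total) is used so that off + total itself never wraps. */
long exif_entry_payload(const uint8_t *tiff, size_t len, size_t entry_off)
{
    if (entry_off > len || len - entry_off < 12) return -1;  /* the entry must fit */
    const uint8_t *e = tiff + entry_off;
    uint16_t type = rd16(e + 2);
    uint32_t count = rd32(e + 4);
    if (type == 0 || type > 12) return -1;                    /* unknown field type */
    size_t sz = type_size[type];
    if (count > SIZE_MAX / sz) return -1;                     /* count * sz would wrap */
    size_t total = (size_t)count * sz;
    if (total > 4) {                                          /* not inline: check offset */
        uint32_t off = rd32(e + 8);
        if (off > len || len - off < total) return -1;        /* payload out of bounds */
    }
    return (long)total;
}

/* Constructed sample, not taken from the bug report: "II" header, one IFD holding a Make
   entry (ASCII, 7 bytes at offset 38) and an ImageWidth entry (SHORT 1840, stored inline). */
static const uint8_t SAMPLE[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00, 0x02, 0x00,
    0x0F, 0x01, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00,  /* Make */
    0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x30, 0x07, 0x00, 0x00,  /* ImageWidth */
    0x00, 0x00, 0x00, 0x00, 'H', 'U', 'A', 'W', 'E', 'I', 0x00 };

/* Re-run the check on a copy of SAMPLE whose Make entry carries a different count
   (simulated corruption of bytes 14..17). Returns the payload size or -1 if rejected. */
long make_payload_with_count(uint32_t count)
{
    uint8_t buf[sizeof SAMPLE];
    memcpy(buf, SAMPLE, sizeof buf);
    for (int i = 0; i < 4; i++) buf[14 + i] = (uint8_t)(count >> (8 * i));
    return exif_entry_payload(buf, sizeof buf, 10);
}
```

On 64-bit builds the count cannot make the product wrap on its own, but the same code compiled with 32-bit size_t would, which is why both the multiplication and the offset addition are guarded.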