Bug 27842

Summary: jasper new security issue CVE-2020-27828
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: geiger.david68210, ouaurelien, sysadmin-bugs, tarazed25
Version: 7
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA7-64-OK
Source RPM: jasper-2.0.19-1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2020-12-16 01:03:02 CET
David Geiger fixed a CVE in jasper in Cauldron, but forgot to file a bug.

Fixed upstream in 2.0.23:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27828

Comment 1 David GEIGER 2020-12-16 10:38:28 CET
Done for mga7!

Comment 2 David Walser 2020-12-16 15:12:16 CET
Advisory:
========================

Updated jasper packages fix security vulnerability:

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted
input provided to jasper by an attacker could cause an arbitrary out-of-bounds
write. This could potentially affect data confidentiality, integrity, or
application availability (CVE-2020-27828).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-27828
https://github.com/jasper-software/jasper/releases/tag/version-2.0.23
========================

Updated packages in core/updates_testing:
========================
jasper-2.0.23-1.mga7
libjasper4-2.0.23-1.mga7
libjasper-devel-2.0.23-1.mga7

from jasper-2.0.23-1.mga7.src.rpm

Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210

Comment 3 Len Lawrence 2020-12-16 17:25:55 CET
mga7, x64

CVE-2020-27828
https://github.com/jasper-software/jasper/issues/252
$ jasper --input sample.pgx --output out2 --output-format jpc -O numrlvls=40
invalid number of guard bits
munmap_chunk(): invalid pointer
Aborted (core dumped)

Updated the three packages.
$ jasper --input sample.pgx --output out2 --output-format jpc -O numrlvls=40
number of resolution levels exceeds maximum 33
invalid JP encoder options
jpc_encode failed
error: cannot encode image

Patched OK.

Ran some tests used earlier.
$ jasper --input ht2jk.jpg --output-format jp2 --output riverpan.jp2
$ ll riverpan.jp2 
-rw-r--r-- 1 lcl lcl 1570642 Dec 16  2020 riverpan.jp2
Looks fine using 'display'.
$ imginfo -f riverpan.jp2
jp2 3 2816 558 8 4713984

$ jasper -f sail.j2k -F sail.bmp -T bmp
$ display sail.bmp
That looks fine.
$ imginfo -f sail.bmp
THE BMP FORMAT IS NOT FULLY SUPPORTED!
THAT IS, THE JASPER SOFTWARE CANNOT DECODE ALL TYPES OF BMP DATA.
IF YOU HAVE ANY PROBLEMS, PLEASE TRY CONVERTING YOUR IMAGE DATA
TO THE PNM FORMAT, AND USING THIS FORMAT INSTEAD.
bmp 3 640 480 8 921600
$ imginfo -f sail.ppm
pnm 3 640 480 8 921600

Reckon this is good enough.

CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
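
The before/after check from the comment above as a repeatable script. This is an added example, not part of the original report or of Mageia's QA tooling. The function names are hypothetical, the messages matched are the ones quoted above, and the PGX input file is supplied by the tester.

```shell
#!/bin/sh
# Regression check for the CVE-2020-27828 update, using the reproducer
# command quoted in this bug. Function names are hypothetical.

# classify_run STATUS OUTPUT
# Prints "vulnerable", "patched" or "inconclusive".
classify_run() {
    status=$1
    output=$2
    # A process killed by a signal is reported by the shell as 128+N
    # (134 = SIGABRT, 139 = SIGSEGV). The "Aborted (core dumped)" line is
    # printed by the interactive shell, not by jasper, so a script has to
    # rely on the exit status rather than on that text.
    if [ "$status" -gt 128 ]; then
        echo vulnerable
        return 0
    fi
    case $output in
        *"munmap_chunk(): invalid pointer"*)
            echo vulnerable ;;
        *"number of resolution levels exceeds maximum"*)
            # Encoder rejected the option before encoding: updated package.
            echo patched ;;
        *)
            # Missing binary, unreadable input, or some other failure.
            echo inconclusive ;;
    esac
}

# check_jasper INPUT.pgx
# Runs the reproducer against the installed jasper and classifies the result.
check_jasper() {
    input=$1
    tmp=$(mktemp) || return 2
    out=$(jasper --input "$input" --output "$tmp" \
                 --output-format jpc -O numrlvls=40 2>&1)
    status=$?
    rm -f "$tmp"
    classify_run "$status" "$out"
}

# Stand-alone use: sh check.sh sample.pgx
if [ "$#" -gt 0 ]; then
    check_jasper "$1"
fi
```
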

Comment 4 Aurelien Oudelet 2020-12-17 10:41:18 CET
Validating.
Advisory pushed to SVN.

CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 5 Mageia Robot 2020-12-17 14:12:20 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0463.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED