| Summary: | leptonica new security issues CVE-2020-3627[7-9] and CVE-2020-3628[0-1] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, ouaurelien, sysadmin-bugs, tarazed25, zen25000 |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | leptonica-1.78.0-1.mga7.src.rpm | CVE: | CVE-2020-3627[7-9] and CVE-2020-3628[0-1] |
| Status comment: | |||
| Attachments: | Test image for OCR | ||
|
Description
David Walser
2021-05-28 22:43:30 CEST
David Walser
2021-05-28 22:43:43 CEST
Status comment:
(none) =>
Fixed upstream in 1.80.0

Fedora has issued an advisory for this on April 19:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/
leptonica-1-80-0 has been submitted to 7/core/updates_testing
#####################
Advisory
This update fixes several heap-based buffer overflow and DoS vulnerabilities.
###################
References
From redhat:
[ 1 ] Bug #1939138 - CVE-2020-36281 leptonica: heap-based buffer overflow in
pixFewColorsOctcubeQuantMixed in colorquant1.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939138
[ 2 ] Bug #1939139 - CVE-2020-36281 mingw-leptonica: leptonica: heap-based buffer
overflow in pixFewColorsOctcubeQuantMixed in colorquant1.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939139
[ 3 ] Bug #1939194 - CVE-2020-36277 leptonica: DoS via an incorrect left shift in
pixConvert2To8 in pixconv.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939194
[ 4 ] Bug #1939195 - CVE-2020-36277 mingw-leptonica: leptonica: DoS via an incorrect
left shift in pixConvert2To8 in pixconv.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939195
[ 5 ] Bug #1939196 - CVE-2020-36277 leptonica: DoS via an incorrect left shift in
pixConvert2To8 in pixconv.c [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1939196
[ 6 ] Bug #1939201 - CVE-2020-36278 leptonica: heap-based buffer overflow in
findNextBorderPixel in ccbord.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939201
[ 7 ] Bug #1939202 - CVE-2020-36278 mingw-leptonica: leptonica: heap-based buffer
overflow in findNextBorderPixel in ccbord.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939202
[ 8 ] Bug #1939207 - CVE-2020-36279 leptonica: heap-based buffer overflow in
rasteropGeneralLow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939207
[ 9 ] Bug #1939208 - CVE-2020-36279 mingw-leptonica: leptonica: heap-based buffer
overflow in rasteropGeneralLow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939208
[ 10 ] Bug #1939211 - CVE-2020-36280 leptonica: heap-based buffer overflow in
pixReadFromTiffStream [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939211
[ 11 ] Bug #1939212 - CVE-2020-36280 mingw-leptonica: leptonica: heap-based buffer
overflow in pixReadFromTiffStream [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1939212
#################
Affected rpms
lib64leptonica5-1.80.0-1.mga7.x86_64.rpm
lib64leptonica-devel-1.80.0-1.mga7.x86_64.rpm
leptonica-debugsource-1.80.0-1.mga7.x86_64.rpm
lib64leptonica5-debuginfo-1.80.0-1.mga7.x86_64.rpm
libleptonica5-1.80.0-1.mga7.i586.rpm
libleptonica-devel-1.80.0-1.mga7.i586.rpm
leptonica-debugsource-1.80.0-1.mga7.i586.rpm
libleptonica5-debuginfo-1.80.0-1.mga7.i586.rpm
leptonica-1.80.0-1.mga7.src.rpm
################
Testing
No idea sorry.
Barry Jackson
2021-06-23 15:53:17 CEST
Assignee:
zen25000 =>
qa-bugs
David Walser
2021-06-23 19:21:10 CEST
CC:
(none) =>
zen25000

Mageia7, x86_64

Ran tesseract, an OCR application, before updating leptonica.
Original text in a bold font as a JPEG image:
----------------
Carol & Tommy
----------------
$ tesseract abc.jpg abc --psm 5
$ cat abc.txt
g - - Sel
----------------
Tried PNG input format:
$ tesseract abc.png abc_png --psm 5
Tesseract Open Source OCR Engine v4.0.0 with Leptonica
Warning: Invalid resolution 0 dpi. Using 70 instead.
$ cat abc_png.txt
g w £ S e S
----------------
Not very useful really - can only assume that it is very fussy about fonts. No time to experiment.

Updated the two libraries.
$ tesseract abc.jpg abc --psm 5
Tesseract Open Source OCR Engine v4.0.0 with Leptonica
Warning: Invalid resolution 0 dpi. Using 70 instead.
$ cat abc.txt
g - - Sel
----------------
The PNG image rendered the same text as before as well.
So no obvious regression. Passing this for mga7.

CC:
(none) =>
tarazed25

Addendum to comment 3.
The application does work in some circumstances - tried an old test file and got near perfect results.
$ tesseract test.tiff test1 --psm 4
Tesseract Open Source OCR Engine v4.0.0 with Leptonica
Page 1
$ cat test1.txt
6. MAINTENANCE AND ADJUSTMENTS 6-1. GENERAL INFORMATION Notos Your transceiver has been factory aligned and 1. Record the date of purchase, serial number and tested to specification before shipment. Under dealer from whom purchased. _ normal circumstances the transceiver will operate 2. For your own information, retain a written record in accordance with these operating instructions. All of any maintenance performed on the unit. adjustable trimmers and coils in your transceiver 3. When claiming warranty service, please include were preset at the factory and should only be a photocopy of _the bill of sale, or other proof of readjusted by a qualified technician with proper purchase showing the date of sale. test equipment. Attempting service or alignment without factory authorization can void the transceiver's warranty. 6-3. CLEANING
-----------------------------------------------------------------
Alignment is not preserved but that should not be expected because text was arranged in separate non-aligned blocks in two different font sizes. It is good anyway.

Created attachment 12820 [details]
Test image for OCR
Validating. Advisory in Comment 2.

CC:
(none) =>
andrewsfarm, sysadmin-bugs

Advisory:
========================

Updated leptonica packages fix security vulnerabilities

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c (CVE-2020-36277).

Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c (CVE-2020-36278).

Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c (CVE-2020-36279).

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c (CVE-2020-36280).

Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c (CVE-2020-36281).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36277
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36280
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/
- https://www.debian.org/lts/security/2021/dla-2612
========================

Updated packages in core/updates_testing:
========================
lib(64)leptonica5-1.80.0-1.mga7
lib(64)leptonica-devel-1.80.0-1.mga7
leptonica-debugsource-1.80.0-1.mga7
lib(64)leptonica5-debuginfo-1.80.0-1.mga7

from SRPM:
leptonica-1.80.0-1.mga7

CVE:
(none) =>
CVE-2020-3627[7-9] and CVE-2020-3628[0-1]
Aurelien Oudelet
2021-06-28 21:12:31 CEST
Keywords:
(none) =>
advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0290.html

Resolution:
(none) =>
FIXED |