| Summary: | jhead new security issues CVE-2020-6624 CVE-2020-6625 CVE-2021-3496 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | | |
| Source RPM: | jhead-3.04-2.mga8.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 3.06.0.1 | | |

Description
David Walser
2021-05-30 23:36:58 CEST

David Walser
2021-05-30 23:37:11 CEST
Whiteboard: (none) => MGA7TOO

Pushed the following pkgs to core/updates_testing:

jhead-3.06.0.1-1.mga7
jhead-3.06.0.1-1.mga8

Assignee: jani.valimaa => qa-bugs

PoCs:
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746
https://github.com/Matthias-Wandel/jhead/issues/33

Advisory:
========================

Updated jhead package fixes security vulnerabilities:

jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c (CVE-2020-6624).

jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c (CVE-2020-6625).

A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processing a crafted file (CVE-2021-3496).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3496
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SCW5XBSBEM6OUDLCSLS5UW7BSRNESS4J/
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JPTEPBJVJFSKKHSTZER2JVIMRP7MGN2C/

MGA7-64 Plasma on Lenovo B50
No installation issues.
This is a tool to read EXIF from jpg

```
$ jhead gedraaid.jpg
File name : gedraaid.jpg
File size : 1342848 bytes
File date : 2021:06:23 15:18:47
Camera make : Canon
Camera model : Canon IXUS 240 HS
Date/Time : 2014:01:19 14:55:48
Resolution : 3456 x 4608
Flash used : No
Focal length : 15.4mm (35mm equivalent: 90mm)
CCD width : 6.17mm
Exposure time: 0.125 s (1/8)
Aperture : f/5.6
Focus dist. : 1.53m
ISO equiv. : 1600
Whitebalance : Auto
Metering Mode: pattern
JPEG Quality : 75
```

Looks OK

CC: (none) => herman.viaene

```
$ jhead ~/Download/whatididntlearninschool.jpg
File name : /home/<user>/Download/whatididntlearninschool.jpg
File size : 48621 bytes
File date : 2015:08:22 06:24:23
Resolution : 500 x 500
Jpeg process : Progressive
JPEG Quality : 71
======= IPTC data: =======
OriginalTransmissionReference: PxkB_AgQm20tlacYorZI
Spec. Instr. : FBMD01000abe03000043110000882a0000822b0000dc2c0000c44d0000ec7300001e770000d4790000257d0000edbd0000
```

Looks OK on x86_64.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK

Validating. Advisory in Comment 2.

Keywords: (none) => validated_update

Thomas Backlund
2021-07-10 12:11:58 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0328.html

Resolution: (none) => FIXED

This update also fixed CVE-2021-2827[68]:
https://ubuntu.com/security/notices/USN-6098-1

(In reply to David Walser from comment #7)
> This update also fixed CVE-2021-2827[68]:
> https://ubuntu.com/security/notices/USN-6098-1

as well as CVE-2020-26208.

(In reply to David Walser from comment #7)
> This update also fixed CVE-2021-2827[68]:
> https://ubuntu.com/security/notices/USN-6098-1

as well as CVE-2021-2827[57]:
https://ubuntu.com/security/notices/USN-6110-1