| Summary: | libraw new security issue CVE-2021-32142 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA8-64-OK | | |
| Source RPM: | libraw-0.20.2-1.mga8.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2023-02-24 20:24:17 CET
David Walser
2023-02-24 20:24:34 CET
Status comment: (none) => Fixed upstream in 0.21.0

No one packager evident for libraw, so assigning this update globally.

Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. (CVE-2021-32142)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013886.html
========================

Updated packages in core/updates_testing:
========================
lib(64)raw20-0.20.2-1.1.mga8
lib(64)raw_r20-0.20.2-1.1.mga8
lib(64)raw-devel-0.20.2-1.1.mga8
libraw-tools-0.20.2-1.1.mga8

from SRPM:
libraw-0.20.2-1.1.mga8.src.rpm

CC: (none) => nicolas.salguero

MGA8-64 MATE on Acer Aspire 5253.
No installation issues.
Followed largely lead from bug 26933 (tx Len for his files), except I don't have Fujitsy raw files.

```
$ multirender_test RAW_NIKON_E5700_SRGB.NEF
Processing file RAW_NIKON_E5700_SRGB.NEF
Writing file RAW_NIKON_E5700_SRGB.NEF.1.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.2.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.3.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.4.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.5.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.6.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.7.ppm
Writing file RAW_NIKON_E5700_SRGB.NEF.8.ppm

$ postprocessing_benchmark -R 20 RAW_NIKON_E5700_SRGB.NEF
Processing file RAW_NIKON_E5700_SRGB.NEF
246.3 msec for unpack
Performance: 0.48 Mpix/sec
File: RAW_NIKON_E5700_SRGB.NEF, Frame: 0 5.0 total Mpix, 10293.2 msec
Params: WB=default Highlight=0 Qual=-1 HalfSize=No Median=0 Wavelet=0
Crop: 0-0:1924x2576, active Mpix: 4.96, 0.1 frames/sec

$ raw-identify *.ORF
P7212389.ORF is a Olympus E-500 image.
P7212390.ORF is a Olympus E-500 image.
P7212391.ORF is a Olympus E-500 image.
P7212392.ORF is a Olympus E-500 image.
RAW_OLYMPUS_SP350.ORF is a Olympus SP350 image.

$ unprocessed_raw RAW_CANON_EOS_700D.CR2
Processing file RAW_CANON_EOS_700D.CR2
Image size: 5208x3476
Raw size: 5280x3528
Margins: top=52, left=72
Unpacked....
Stored to file RAW_CANON_EOS_700D.CR2.pgm
```

displayed all resulting files OK with ristretto

```
$ unprocessed_raw -g RAW_NI
RAW_NIKON_E5700_SRGB.NEF        RAW_NIKON_E5700_SRGB.NEF.3.ppm  RAW_NIKON_E5700_SRGB.NEF.6.ppm
RAW_NIKON_E5700_SRGB.NEF.1.ppm  RAW_NIKON_E5700_SRGB.NEF.4.ppm  RAW_NIKON_E5700_SRGB.NEF.7.ppm
RAW_NIKON_E5700_SRGB.NEF.2.ppm  RAW_NIKON_E5700_SRGB.NEF.5.ppm  RAW_NIKON_E5700_SRGB.NEF.8.ppm

$ unprocessed_raw -g RAW_NIKON_E5700_SRGB.NEF
Processing file RAW_NIKON_E5700_SRGB.NEF
Image size: 2576x1924
Raw size: 2576x1924
Margins: top=0, left=0
Unpacked....
Gamma-corrected....
Stored to file RAW_NIKON_E5700_SRGB.NEF.pgm

$ gthumb *.ORF
(gthumb:25508): Gtk-WARNING **: 11:58:52.759: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
Segmentation fault (core dumped)
```

This segmentation fault came on leaving gthumb after I selected one of the files

```
[tester8@mach7 RawORF]$ gthumb *.ORF
(gthumb:25756): Gtk-WARNING **: 11:59:46.168: Theme parsing error: gtk.css:2:33: Failed to import: Error opening file /home/tester8/.config/gtk-3.0/window_decorations.css: No such file or directory
```

In this case I just opened gthumb and saw all expected files and exited. No segfault.

```
$ mem_image -6 RAW_CANON_EOS_700D.CR2
Processing RAW_CANON_EOS_700D.CR2

$ simple_dcraw -L | wc -l
1118
```

One side remark: gwenview displays all other tiff and jpeg and gif's correctly but bombs out at the generated ppm and pgm files from this test. All work out OK with ristretto.
I feel this gwenview issue is no showstopper here.

Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins
2023-03-01 18:10:35 CET

Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0082.html

Resolution: (none) => FIXED