| Summary: | freeimage new security issues CVE-2023-47995 and CVE-2023-47997 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | freeimage-3.18.0-10.mga9.src.rpm | CVE: | CVE-2023-47995, CVE-2023-47997 |
| Status comment: | |||
Description
Nicolas Salguero
2024-03-20 09:56:22 CET
Nicolas Salguero
2024-03-20 09:57:13 CET
Whiteboard: (none) => MGA9TOO

[ 1 ] Bug #2257661 - CVE-2023-47995 freeimage: Buffer Overflow vulnerability in FreeImage_AllocateBitmap [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257661
http://bugzilla.redhat.com/show_bug.cgi?id=2257652
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995
just documents the fault in code detail, but offers no cure yet.

[ 2 ] Bug #2257665 - CVE-2023-47997 freeimage: infinite loop exits in Load in PluginTIFF.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257665
http://bugzilla.redhat.com/show_bug.cgi?id=2257654
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
Same scenario: ends up documenting the fault in code detail, but no fix offered yet.

So what do we do?

CC: (none) => lewyssmith

BUT, re the CVEs, the advisory does say:
"Add downstream fixes for CVE-2023-47995 and CVE-2023-47997.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Sandro Mani <manisandro(a)gmail.com> - 3.19.0-0.23.svn1909
- Add downstream patches for CVE-2023-47997, CVE-2023-47995
"This update can be installed with the "dnf" update program."
So there is a fix lurking somewhere... I could find nothing on the project site.

The Fedora advisory mentions two parallel issues:
[ 3 ] Bug #2257666 - CVE-2023-47995 mingw-freeimage: FreeImage: Buffer Overflow vulnerability in FreeImage_AllocateBitmap [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257666
[ 4 ] Bug #2257670 - CVE-2023-47997 mingw-freeimage: FreeImage: infinite loop exits in Load in PluginTIFF.cpp [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2257670
We do not seem to have these mingw things.

CC: lewyssmith => (none)

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Buffer Overflow vulnerability in FreeImage_AllocateBitmap. (CVE-2023-47995)

Infinite loop exits in Load in PluginTIFF.cpp. (CVE-2023-47997)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/
========================

Updated packages in core/updates_testing:
========================
lib(64)freeimage3-3.18.0-10.1.mga9
lib(64)freeimage-devel-3.18.0-10.1.mga9
lib(64)freeimageplus3-3.18.0-10.1.mga9

from SRPM:
freeimage-3.18.0-10.1.mga9.src.rpm

Status: NEW => ASSIGNED
katnatek
2024-03-22 19:56:22 CET
Keywords: (none) => advisory

RH mageia 9 x86_64
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing lib64freeimageplus3-3.18.0-10.1.mga9.x86_64.rpm lib64freeimage3-3.18.0-10.1.mga9.x86_64.rpm lib64freeimage-devel-3.18.0-10.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ######################################################################################
1/3: lib64freeimage3 ######################################################################################
2/3: lib64freeimageplus3 ######################################################################################
3/3: lib64freeimage-devel ######################################################################################
1/3: removing lib64freeimage-devel-1:3.18.0-10.mga9.x86_64
######################################################################################
2/3: removing lib64freeimageplus3-1:3.18.0-10.mga9.x86_64
######################################################################################
3/3: removing lib64freeimage3-1:3.18.0-10.mga9.x86_64
######################################################################################
writing /var/lib/rpm/installed-through-deps.list
The following packages:
libimath3_1_29-3.1.6-3.mga9.i586
libjxr-devel-1.1-6.mga9.i586
libjxr0-1.1-6.mga9.i586
are now orphaned, if you wish to remove them, you can use "urpme --auto-orphans"
Not sure why the orphans
urpmq --whatrequires lib64freeimage3
lib64abydos0.2-plugins
lib64abydos0.2-plugins
lib64cegui0_2
lib64freeimage-devel
lib64freeimage3
lib64freeimageplus3
lib64harbour-freeimage3
lib64ogre1.9.1
megasync
navit
nvidia-cuda-toolkit-samples-bins
photoqt
posterazor
slade
Tested posterazor, no issues detected
katnatek
2024-03-23 18:55:06 CET
CC: (none) => andrewsfarm
katnatek
2024-03-23 18:57:06 CET
Whiteboard: (none) => MGA9-64-OK

Save me of myself if the test is not enough

Looks OK to me. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0087.html

Status: ASSIGNED => RESOLVED