Bug 33134

Summary: jasper new security issue CVE-2024-31744
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, dan, sysadmin-bugs
Version: 9Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA9-64-OK
Source RPM: jasper-4.2.1-1.mga10.src.rpm CVE: CVE-2024-31744
Status comment: Fixed upstream in 4.2.3 and patch available from upstream

Description Nicolas Salguero 2024-04-23 16:12:42 CEST 
SUSE has issued an advisory on April 23:
https://lwn.net/Articles/970881/

The problem is fixed in version 4.2.3 or with the following commit:
https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5

Mageia 9 is also affected.
Nicolas Salguero 2024-04-23 16:13:18 CEST

Whiteboard: (none) => MGA9TOO
Source RPM: (none) => jasper-4.2.1-1.mga10.src.rpm
Status comment: (none) => Fixed upstream in 4.2.3 and patch available from upstream
CVE: (none) => CVE-2024-31744

Comment 1 Lewis Smith 2024-04-24 21:10:10 CEST 
Assigning to DavidG as you put up jasper v4.2.1, and generally maintain it.

Assignee: bugsquad => geiger.david68210

Comment 2 David GEIGER 2024-04-25 00:34:55 CEST 
Assigning to QA,

Packages in 9/Core/Updates_testing:
======================
jasper-3.0.6-1.1.mga9
libjasper-devel-3.0.6-1.1.mga9
libjasper6-3.0.6-1.1.mga9
lib64jasper-devel-3.0.6-1.1.mga9
lib64jasper6-3.0.6-1.1.mga9

From SRPMS:
jasper-3.0.6-1.1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Assignee: geiger.david68210 => qa-bugs

katnatek 2024-04-25 00:57:19 CEST

Keywords: (none) => advisory

Comment 3 katnatek 2024-04-25 01:21:09 CEST 
RH mageia 9 x86_64

Download the poc from
https://github.com/jasper-software/jasper/issues/381
Extract the file
Run the command

jasper --input-format png --input-option verbose=true --output-format jp2 --output-option quality=90 --input poc --output /tmp/file0.jp2
warning: ignoring invalid input format png
warning: ignoring invalid option verbose
warning: trailing garbage in marker segment (6 bytes)
warning: ignoring unknown marker segment (0xff67)
warning: trailing garbage in marker segment (32 bytes)
warning: not enough tile data (7 bytes)
jasper: /home/iurt/rpmbuild/BUILD/jasper-3.0.6/src/libjasper/jpc/jpc_dec.c:2407: jpc_streamlist_remove: Assertion `streamno < streamlist->numstreams' failed.
Abortado (`core' generado)      

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date


installing lib64jasper6-3.0.6-1.1.mga9.x86_64.rpm jasper-3.0.6-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/2: lib64jasper6          ##################################################################################################
      2/2: jasper                ##################################################################################################
      1/2: removing jasper-3.0.6-1.mga9.x86_64
                                 ##################################################################################################
      2/2: removing lib64jasper6-3.0.6-1.mga9.x86_64
                                 ##################################################################################################

jasper --input-format png --input-option verbose=true --output-format jp2 --output-option quality=90 --input poc --output /tmp/file0.jp2
warning: ignoring invalid input format png
warning: ignoring invalid option verbose
warning: trailing garbage in marker segment (6 bytes)
warning: ignoring unknown marker segment (0xff67)
warning: trailing garbage in marker segment (32 bytes)
warning: not enough tile data (7 bytes)
alignment failed
jpc_dec_decodepkt failed
jpc_dec_decodepkts failed
jas_image_decode: decode operation failed
error: cannot load image data
katnatek 2024-04-25 01:21:25 CEST

CC: (none) => andrewsfarm

katnatek 2024-04-25 01:21:39 CEST

Whiteboard: (none) => MGA9-64-OK

Comment 4 Thomas Andrews 2024-04-25 13:26:07 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 5 Dan Fandrich 2024-04-25 20:22:36 CEST 
This was pushed to updates while Bugzilla was down.
https://advisories.mageia.org/MGASA-2024-0144.html

Resolution: (none) => FIXED
CC: (none) => dan
Status: NEW => RESOLVED

Comment 6 Mageia Robot 2024-04-26 08:47:54 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0144.html