Bug 6758

Summary: openjpeg new security issue CVE-2012-3358
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: Normal
CC: pmdenielou, sysadmin-bugs, tmb, wassi
Version: 2
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
URL: http://lwn.net/Vulnerabilities/506390/
Whiteboard: MGA1TOO mga2-64-OK mga1-64-OK mga1-32-OK mga2-32-OK
Source RPM: openjpeg-1.5.0-1.2.mga2.src.rpm
CVE:
Status comment:

Description David Walser 2012-07-11 21:46:20 CEST
RedHat has issued an advisory today (July 11):
https://rhn.redhat.com/errata/RHSA-2012-1068.html

Link to the upstream commit to fix in the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=835767

Mageia 1 and 2 are also affected.
David Walser 2012-07-11 21:46:29 CEST

Whiteboard: (none) => MGA2TOO, MGA1TOO

Comment 1 David Walser 2012-07-11 23:13:24 CEST
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated openjpeg packages fix security vulnerability:

An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image
tile header. A remote attacker could provide a specially-crafted image
file that, when decoded using an application linked against OpenJPEG,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-3358).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358
https://rhn.redhat.com/errata/RHSA-2012-1068.html
========================

Updated packages in core/updates_testing:
========================
libopenjpeg2-1.3-7.1.mga1
libopenjpeg-devel-1.3-7.1.mga1
openjpeg-1.5.0-1.3.mga2
libopenjpeg1-1.5.0-1.3.mga2
libopenjpeg-devel-1.5.0-1.3.mga2

from SRPMS:
openjpeg-1.3-7.1.mga1.src.rpm
openjpeg-1.5.0-1.3.mga2.src.rpm

Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO

Comment 2 user7 2012-07-12 14:47:44 CEST
If I got everything right, this was fixed in the same commit as this bug: https://bugs.mageia.org/show_bug.cgi?id=6624
But I guess we didn't apply both patches previously?

See http://code.google.com/p/openjpeg/source/detail?r=1703 for details, http://code.google.com/p/openjpeg/issues/detail?id=62 for a PoC for this bug.

Could anybody check I'm not missing something here? I'm not sure how exactly (or if) this is related to https://bugs.mageia.org/show_bug.cgi?id=6624.

Also, the SRPM version of one of the packages here (openjpeg-1.3-7.1.mga1.src.rpm) is identical to the one used here: https://bugs.mageia.org/show_bug.cgi?id=6624
Is this correct?

CC: (none) => wassi

Comment 3 David Walser 2012-07-12 21:53:05 CEST
CVE-2009-5030 from the previous update was fixed in revision 1703.

CVE-2012-3358 for this update was fixed in revision 1727:
https://bugzilla.redhat.com/show_bug.cgi?id=835767

I did forget to bump the subrel for the Mageia 1 update, thanks for catching.

Update for Mageia 1 rebuilt.

Advisory:
========================

Updated openjpeg packages fix security vulnerability:

An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image
tile header. A remote attacker could provide a specially-crafted image
file that, when decoded using an application linked against OpenJPEG,
would cause the application to crash or, potentially, execute arbitrary
code with the privileges of the user running the application
(CVE-2012-3358).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358
https://rhn.redhat.com/errata/RHSA-2012-1068.html
========================

Updated packages in core/updates_testing:
========================
libopenjpeg2-1.3-7.2.mga1
libopenjpeg-devel-1.3-7.2.mga1
openjpeg-1.5.0-1.3.mga2
libopenjpeg1-1.5.0-1.3.mga2
libopenjpeg-devel-1.5.0-1.3.mga2

from SRPMS:
openjpeg-1.3-7.2.mga1.src.rpm
openjpeg-1.5.0-1.3.mga2.src.rpm

Severity: normal => major
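
The advisory in comment 3 describes the bug class (tile number and tile-part size taken from the file and used before being validated). What follows is an added illustration, not code from this bug report, from OpenJPEG or from the revision 1727 fix. It models a tile-part header as a 16-bit tile number and a 32-bit tile-part length (the six-byte layout, the 2x2 tile grid, the Isot/Psot names and all function names are assumptions made for the example) and puts the unchecked pattern next to a checked one that rejects a tile number outside the grid, or a length that does not fit the bytes present, before either value indexes or sizes a heap buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a JPEG 2000-style tile-part header: a big-endian
 * 16-bit tile number (Isot) and 32-bit tile-part length (Psot), then the
 * payload. Simplified for illustration; not the real SOT marker segment
 * and not OpenJPEG's parser. */
enum { HDR_LEN = 6 };

typedef struct { uint8_t *data; size_t len; } tile_slot;

typedef struct {
    unsigned   tw, th;   /* tile grid, known from the main header */
    tile_slot *tiles;    /* heap array of tw*th slots */
} decoder;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: both header fields are trusted as read from the file.
 * Shown for comparison only; never called, because it corrupts the heap. */
int read_tile_unchecked(decoder *d, const uint8_t *buf)
{
    uint16_t index  = rd16(buf);
    uint32_t length = rd32(buf + 2);
    tile_slot *slot = &d->tiles[index];            /* write past tw*th slots */
    slot->len  = length - HDR_LEN;                 /* wraps when length < HDR_LEN */
    slot->data = malloc(slot->len);
    memcpy(slot->data, buf + HDR_LEN, slot->len);  /* reads past the input */
    return 0;
}

/* Hardened form: check the tile number against the grid the decoder already
 * knows and the tile-part length against the bytes actually present, before
 * either value is used to index or size a heap buffer. */
int read_tile_checked(decoder *d, const uint8_t *buf, size_t buflen)
{
    if (buflen < HDR_LEN)
        return -1;                                  /* truncated header */
    uint16_t index  = rd16(buf);
    uint32_t length = rd32(buf + 2);
    size_t ntiles = (size_t)d->tw * d->th;
    if (index >= ntiles)
        return -2;                                  /* bad tile number */
    if (length < HDR_LEN || length > buflen)
        return -3;                                  /* bad tile-part length */
    tile_slot *slot = &d->tiles[index];
    slot->len  = length - HDR_LEN;
    slot->data = malloc(slot->len ? slot->len : 1);
    if (!slot->data)
        return -4;
    memcpy(slot->data, buf + HDR_LEN, slot->len);
    return 0;
}

/* Build a tile-part with the given (possibly bogus) header fields over a
 * constructed payload, feed it to the checked parser on a 2x2 grid, and
 * return the parser's status. */
int try_tile(uint16_t index, uint32_t length, size_t payload_bytes)
{
    decoder d = { 2, 2, NULL };
    d.tiles = calloc((size_t)d.tw * d.th, sizeof(tile_slot));
    size_t buflen = HDR_LEN + payload_bytes;
    uint8_t *buf = calloc(buflen, 1);
    buf[0] = (uint8_t)(index >> 8);   buf[1] = (uint8_t)index;
    buf[2] = (uint8_t)(length >> 24); buf[3] = (uint8_t)(length >> 16);
    buf[4] = (uint8_t)(length >> 8);  buf[5] = (uint8_t)length;
    memset(buf + HDR_LEN, 0xAB, payload_bytes);

    int rc = read_tile_checked(&d, buf, buflen);

    for (size_t i = 0; i < (size_t)d.tw * d.th; i++)
        free(d.tiles[i].data);
    free(d.tiles);
    free(buf);
    return rc;
}

int main(void)
{
    printf("tile 0, Psot 10, 4 payload bytes: %d\n", try_tile(0, 10, 4));
    printf("tile 7 on a 2x2 grid:             %d\n", try_tile(7, 10, 4));
    printf("Psot beyond end of data:          %d\n", try_tile(1, 4096, 4));
    printf("Psot shorter than the header:     %d\n", try_tile(1, 2, 4));
    return 0;
}
```

The order of the checks matters: the tile number is compared against the grid before the slot pointer is formed, and the length against the remaining input before it becomes an allocation size or a memcpy count, so neither field can steer a heap write. For what upstream actually changed, read revision 1727 linked from the Red Hat bug rather than this model.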

Comment 4 claire robinson 2012-07-13 13:27:15 CEST
There doesn't seem to be a PoC for this one, so just testing it still works with the same procedure as bug 6624.
Comment 5 claire robinson 2012-07-13 13:34:02 CEST
Testing complete mga2 64

Hardware: i586 => All
Whiteboard: MGA1TOO => MGA1TOO mga2-64-OK

Comment 6 claire robinson 2012-07-13 13:53:01 CEST
Testing complete mga1 64

Whiteboard: MGA1TOO mga2-64-OK => MGA1TOO mga2-64-OK mga1-64-OK

Comment 7 claire robinson 2012-07-13 14:40:24 CEST
Testing complete mga1 32

Whiteboard: MGA1TOO mga2-64-OK mga1-64-OK => MGA1TOO mga2-64-OK mga1-64-OK mga1-32-OK

Comment 8 Malo Deniélou 2012-07-13 14:50:51 CEST
Testing complete mga2 32

CC: (none) => malo
Whiteboard: MGA1TOO mga2-64-OK mga1-64-OK mga1-32-OK => MGA1TOO mga2-64-OK mga1-64-OK mga1-32-OK mga2-32-OK

Comment 9 claire robinson 2012-07-13 14:52:51 CEST
Validating, thanks malo

Please see comment 3 for advisory and srpms for mga1 and 2

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 10 Thomas Backlund 2012-07-14 01:08:38 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0166

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED