Mageia Bugzilla – Bug 10768
[Security update candidate] libkdcraw
Last modified: 2014-05-08 18:04:41 CEST
libkdcraw has an embedded copy of libraw which is affected by a security issue; this update adds a patch to fix this issue.
src.rpm : libkdcraw-4.8.5-1.2.mga2.src.rpm
Files on x86_64 :
Files on i586 :
Proposal Advisory :
« This update fixes a security issue affecting due to a possible double-free() on error recovery on damaged full-color (Foveon, sRAW) files. (CVE 2013-2126)
You can read http://secunia.com/advisories/53547/ for more information
Steps to Reproduce:
No PoC, so just need to ensure programs like kphotoalbum, krita, and showfoto
all work, with various image types.
Testing complete mga2 64
Opened several raw format photos (Canon CR2, Nikon CR2 & an NEF) in showfoto under strace.
It displays information on each image after loading. Grep for kdcraw shows it loading the library files.
Testing complete mga2 32
It's actually two different Canon CR2's and a Nikon NEF raw format images.
Validating. Advisory from comment 0 already uploaded.
Could sysadmin please push from 2 core/updates_testing to core/updates