15910 – libraw, dcraw, ufraw, rawtherapee, kodi, darktable new integer overflow security issue (CVE-2015-3885)

Bug 15910 - libraw, dcraw, ufraw, rawtherapee, kodi, darktable new integer overflow security issue (CVE-2015-3885)

Summary: libraw, dcraw, ufraw, rawtherapee, kodi, darktable new integer overflow secur...

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	4
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/644511/
Whiteboard:
Keywords:

Depends on:	15915 15925 15926 15927 15928
Blocks:
	Show dependency tree / graph

Reported:	2015-05-11 21:13 CEST by David Walser
Modified:	2015-05-14 17:35 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	libraw, dcraw, ufraw, rawtherapee, kodi, darktable
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-05-11 21:13:04 CEST

An advisory has been issued today (May 11):
http://www.ocert.org/advisories/ocert-2015-006.html

We have another monster libraw bug like Bug 11149.

I have committed the libraw 0.16.1 update in Cauldron and asked for a freeze push.

Reproducible: 

Steps to Reproduce:

David Walser 2015-05-11 21:13:32 CEST

CC: (none) => anssi.hannula, fundawang, jani.valimaa, rverschelde, shlomif
Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 David Walser 2015-05-11 23:46:55 CEST

Just for future reference, libraw-0.16.1 is pushed in mga5/Cauldron.  Plenty more work to go :o)

Comment 2 Shlomi Fish 2015-05-12 13:30:01 CEST

I applied a patch to it in dcraw-9.22-4.mga5.src.rpm but it still needs to be pushed.

Rémi Verschelde 2015-05-12 14:44:20 CEST

Blocks: (none) => 15915

Rémi Verschelde 2015-05-12 14:44:41 CEST

Blocks: 15915 => (none)
Depends on: (none) => 15915

Comment 3 David Walser 2015-05-12 22:40:26 CEST

dcraw-9.22-4.mga5 and darktable-1.6.6-1.mga5 uploaded for Cauldron.

Comment 4 David Walser 2015-05-12 23:15:09 CEST

CVE-2015-3885 has been assigned:
http://openwall.com/lists/oss-security/2015/05/12/8

Summary: libraw, dcraw, ufraw, rawtherapee, kodi, darktable new integer overflow security issue => libraw, dcraw, ufraw, rawtherapee, kodi, darktable new integer overflow security issue (CVE-2015-3885)

Comment 5 David Walser 2015-05-13 00:18:38 CEST

Patches checked into Mageia 4 and Cauldron SVN for ufraw and rawtherapee.  Freeze pushes requested.

Comment 6 David Walser 2015-05-13 00:24:39 CEST

Patch checked into Mageia 4 SVN for libraw.

Everything is at least patched in SVN and freeze push requested except for kodi.

Comment 7 David Walser 2015-05-13 15:39:03 CEST

ufraw-0.19.2-10.mga5 and rawtherapee-4.1-4.mga5 uploaded for Cauldron.

David Walser 2015-05-13 16:18:47 CEST

Depends on: (none) => 15925

David Walser 2015-05-13 16:18:55 CEST

Depends on: (none) => 15926

David Walser 2015-05-13 16:19:03 CEST

Depends on: (none) => 15927

David Walser 2015-05-13 16:21:35 CEST

Depends on: (none) => 15928

Comment 8 David Walser 2015-05-13 16:22:33 CEST

Solved for everything except for xbmc/kodi.

Version: Cauldron => 4
Whiteboard: MGA5TOO, MGA4TOO => (none)

Comment 9 David Walser 2015-05-13 20:28:03 CEST

I'm going to close the tracker since we have all we need in Bugzilla in the remaining xbmc/kodi bug.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-14 17:35:54 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644511/

Note You need to log in before you can comment on or make changes to this bug.