Bug 15926 - dcraw and ufraw new integer overflow security issue (CVE-2015-3885)
Summary: dcraw and ufraw new integer overflow security issue (CVE-2015-3885)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/644511/
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks: 15910
Reported: 2015-05-13 16:18 CEST by David Walser
Modified: 2015-05-14 17:36 CEST

See Also:
Source RPM: dcraw, ufraw
CVE:
Status comment:
Description David Walser 2015-05-13 16:18:55 CEST
+++ This bug was initially created as a clone of Bug #15910 +++

An advisory has been issued today (May 11):
http://www.ocert.org/advisories/ocert-2015-006.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated dcraw and ufraw packages fix security vulnerability:

The dcraw tool suffers from an integer overflow condition which leads to a
buffer overflow. The vulnerability concerns the 'len' variable, parsed without
validation from opened images, used in the ljpeg_start() function. A
maliciously crafted raw image file can be used to trigger the vulnerability,
causing a Denial of Service condition (CVE-2015-3885).

The ufraw package also contains the affected code.  The dcraw and ufraw
packages have been patched to fix this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
========================

Updated packages in core/updates_testing:
========================
dcraw-9.19-3.1.mga4
dcraw-gimp2.0-9.19-3.1.mga4
ufraw-0.19.2-5.1.mga4
ufraw-batch-0.19.2-5.1.mga4
ufraw-gimp-0.19.2-5.1.mga4

from SRPMS:
dcraw-9.19-3.1.mga4.src.rpm
ufraw-0.19.2-5.1.mga4.src.rpm
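
Added example, not part of the bug report and not dcraw's code or the Mageia patch: a simplified model of the bug class the advisory describes, where a length read from the file is used as a byte count without validation. It assumes a JPEG-style segment (2-byte marker, then a 16-bit big-endian length that counts its own two bytes); the function names, the signed `len` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: marker FF C4 whose 16-bit length field is 0,
   below the minimum of 2 (the field counts its own two bytes). */
static const uint8_t bad_seg[]  = { 0xFF, 0xC4, 0x00, 0x00 };
/* Constructed sample: well-formed segment with a 3-byte payload. */
static const uint8_t good_seg[] = { 0xFF, 0xC4, 0x00, 0x05, 0x01, 0x02, 0x03 };

/* Unvalidated form (assumed shape): "field - 2" held in a signed int goes
   negative for field < 2, and becomes a huge size_t when used as a count. */
size_t unchecked_count(const uint8_t *hdr)
{
    int len = (hdr[2] << 8 | hdr[3]) - 2;
    return (size_t)len;
}

/* Hardened read: returns the payload length, or -1 if the segment is
   malformed, truncated, or larger than the destination buffer. */
long read_segment(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < 4)
        return -1;                       /* header itself is truncated */
    size_t field = (size_t)in[2] << 8 | in[3];
    if (field < 2)
        return -1;                       /* would underflow field - 2 */
    size_t len = field - 2;
    if (len > out_cap || len > in_len - 4)
        return -1;                       /* destination or input too small */
    memcpy(out, in + 4, len);
    return (long)len;
}

int main(void)
{
    uint8_t out[16];
    printf("unchecked count for bad segment: %zu\n", unchecked_count(bad_seg));
    printf("checked read, bad segment:  %ld\n", read_segment(bad_seg, sizeof bad_seg, out, sizeof out));
    printf("checked read, good segment: %ld\n", read_segment(good_seg, sizeof good_seg, out, sizeof out));
    return 0;
}
```
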
Comment 1 claire robinson 2015-05-13 16:46:26 CEST
Can be tested by opening various raw type images.

e.g.

$ ufraw

opens a file chooser dialogue and displays the images chosen.

$ dcraw -i *.CR2 *.NEF
_MG_8882.CR2 is a Canon EOS 30D image.
RAW_CANON_450D.CR2 is a Canon EOS 450D image.
RAW_NIKON_D100.NEF is a Nikon D100 image.

or with -v to display more image info.

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2015-05-13 17:05:28 CEST
Testing complete mga4 64, as comment 1.

Whiteboard: has_procedure => has_procedure mga4-64-ok

Comment 3 claire robinson 2015-05-13 17:11:51 CEST
Testing complete mga4 32
claire robinson 2015-05-13 17:13:22 CEST

Whiteboard: has_procedure mga4-64-ok => has_procedure mga4-32-ok mga4-64-ok

Comment 4 claire robinson 2015-05-13 18:00:07 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 5 Mageia Robot 2015-05-13 19:19:52 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0225.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-05-14 17:36:06 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644511/