Debian has issued an advisory on March 31:
https://www.debian.org/security/2017/dsa-3825

Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Keywords: (none) => Triaged
CC: (none) => marja11
Assignee: bugsquad => jani.valimaa
Fixed in cauldron[1] and in mga5[2] core/updates_testing.

[1] jhead-3.00-3.mga6
[2] jhead-2.97-4.1.mga5
CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs
No POC image provided, so just testing that the update installs cleanly and a basic function works.

$ jhead /usr/share/doc/fontforge/htdocs/MetalType.jpeg|grep Comment
Comment : Created with The GIMP

Same output on Mageia 5 i586, x86_64, both before and after the update.

Validating the update. Advisory loaded to svn with ...

$ cat 20616.adv
type: security
subject: Updated jhead packages fix security vulnerability
CVE:
 - CVE-2016-3822
src:
  5:
   core:
     - jhead-2.97-4.1.mga5
description: |
  It was discovered that jhead, a tool to manipulate the non-image part of
  EXIF compliant JPEG files, is prone to an out-of-bounds access
  vulnerability, which may result in denial of service or, potentially, the
  execution of arbitrary code if an image with specially crafted EXIF data
  is processed.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20616
 - https://www.debian.org/security/2017/dsa-3825
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858213
Keywords: (none) => validated_update
Whiteboard: MGA5TOO => MGA5TOO advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0105.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED