openSUSE has issued an advisory today (November 30):
https://lists.opensuse.org/opensuse-updates/2017-11/msg00097.html

Ubuntu has issued an advisory for the second issue on November 27:
https://usn.ubuntu.com/usn/usn-3495-1/

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
CC: (none) => dan
Assigning to the registered optipng maintainer.
CC: (none) => marja11
Assignee: bugsquad => dan
Patches have been applied in Cauldron and the issue is fixed in optipng-0.7.6-2.mga7.

Test procedure to ensure bugs have been fixed:

curl -o CVE-2017-1000229.tiff https://sourceforge.net/p/optipng/bugs/65/attachment/poc.tiff
curl -o CVE-2017-16938.gif https://sourceforge.net/p/optipng/bugs/69/attachment/poc.gif

Run: optipng CVE-2017-16938.gif
Unpatched will show: Error: Error reading file or unexpected end of file
Patched will show: Error: GIF/LZW error: circular table

Run: optipng CVE-2017-1000229.tiff
Unpatched i386 will show: Segmentation fault
Unpatched x86_64 will show: Error: Out of memory (it's not easy to reproduce the failure on 64 bit arch with the standard optipng)
Patched will show: Error: Out of memory

To verify that it still optimizes normal png files:
Run: cp /usr/share/icons/firefox.png /tmp; optipng /tmp/firefox.png
Output should show (on mga6): 97 bytes = 3.92% decrease
Whiteboard: MGA6TOO, MGA5TOO => MGA6TOO, MGA5TOO, has_procedure
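The test procedure above can be scripted so that each run is classified from optipng's exit status and output. This is an added example, not part of the bug report or of optipng; the function names, result labels and the exit status 1 used for an ordinary error are assumptions, and it also refuses to classify a run when the installed package is not the update candidate.

```shell
#!/bin/sh
# Added example, not part of the bug report. Message strings are the ones
# quoted in the report; the result labels and function names are made up here.

# classify_run KIND ARCH STATUS OUTPUT
#   KIND   gif | tiff      which proof-of-concept file optipng was given
#   ARCH   i586 | x86_64
#   STATUS optipng's exit status ($?)
#   OUTPUT captured stdout and stderr
classify_run() {
    kind=$1; arch=$2; status=$3; output=$4
    # Above 128 the shell is reporting death by signal (139 = SIGSEGV).
    if [ "$status" -gt 128 ]; then
        echo UNPATCHED
        return 0
    fi
    case "${kind}:${output}" in
        gif:*"GIF/LZW error: circular table"*)
            echo PATCHED ;;
        gif:*"Error reading file or unexpected end of file"*)
            echo UNPATCHED ;;
        tiff:*"Error: Out of memory"*)
            # Only the 32-bit build crashes when unpatched; on x86_64 this
            # message is printed both before and after the fix.
            if [ "$arch" = i586 ]; then echo PATCHED; else echo INCONCLUSIVE; fi ;;
        *)
            echo INCONCLUSIVE ;;
    esac
}

# check_report INSTALLED EXPECTED KIND ARCH STATUS OUTPUT
# Refuses to classify a run made against anything but the update candidate.
check_report() {
    if [ "$1" != "$2" ]; then
        echo WRONG_PACKAGE
        return 0
    fi
    classify_run "$3" "$4" "$5" "$6"
}

# Constructed sample: exit status 1 is assumed for an ordinary optipng error.
sample='** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table'
check_report optipng-0.7.6-1.1.mga6 optipng-0.7.6-1.1.mga6 gif x86_64 1 "$sample"
```

In a real run the first argument would come from `rpm -q optipng` and the last two from the optipng invocation itself.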
Update for mga5 is building and will be in core/updates_testing:
optipng-0.7.6-1.1.mga5

Update for mga6 is building and will be in core/updates_testing:
optipng-0.7.6-1.1.mga6

Suggested advisory:
========================

Updated optipng package to fix security vulnerabilities:

- CVE-2017-1000229: Fix integer overflow bug in function minitiff_read_info() that allows an attacker to remotely execute code or cause denial of service.
- CVE-2017-16938: Fix a global buffer overflow that allows attackers to cause DoS via a maliciously crafted GIF file.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16938
https://sourceforge.net/p/optipng/bugs/65/
https://sourceforge.net/p/optipng/bugs/69/

Updated packages in core/updates:
optipng-0.7.6-1.1.mga5
optipng-0.7.6-1.1.mga6

Source RPMs:
optipng-0.7.6-1.1.mga6.src.rpm
Assignee: dan => qa-bugs
System MGA5::x86_64 (vmware)

Unpatched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Unpatched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test showed a 3.92% decrease.

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff 1 ↵
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
CC: (none) => smelror
System MGA6::x86_64 (real hardware)

Unpatched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Unpatched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Error reading TIFF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png shows a 3.92% decrease.

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Error reading TIFF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
Thanks Stig. Adding the OKs on the basis of your reports in comments 4 and 5. Normally the tester would do this themselves unless the bug requires testing on a range of systems.
CC: (none) => tarazed25
Whiteboard: MGA6TOO, MGA5TOO, has_procedure => MGA6TOO, MGA5TOO, has_procedure MGA5-64-OK MGA6-64-OK
System MGA6::i586 (vmware)

Unpatched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Unpatched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
[1] 2335 segmentation fault (core dumped) optipng CVE-2017-1000229.tiff

The firefox.png test shows a 3.92% decrease.

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff 1 ↵
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
System MGA5::i586

Unpatched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Unpatched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

[stig@localhost optipng]$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Segmentation fault

The firefox.png test shows a 3.92% decrease.

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

[stig@localhost optipng]$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
The last test was done in vmware.
Stig-Ørjan couldn't have tested the update candidate, since the build system *just* uploaded it (it was broken).
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO, has_procedure MGA5-64-OK MGA6-64-OK => MGA5TOO has_procedure
(In reply to David Walser from comment #10)
> Stig-Ørjan couldn't have tested the update candidate, since the build system
> *just* uploaded it (it was broken).

Thanks for the pointer. I downloaded from mgarepo, compiled and did the tests thinking it was the same.

Will do the tests again when the package has been uploaded to my local repo.

Cheers,
Stig
I'll try again.

System MGA6::x86_64 (real hardware)

$ rpm -qa | grep optipng
optipng-0.7.6-1.1.mga6

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff 1 ↵
** Processing: CVE-2017-1000229.tiff
Error: Error reading TIFF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
System MGA6::i586 (vmware)

$ rpm -qa | grep optipng 1 ↵
optipng-0.7.6-1.1.mga6

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
System MGA5::x86_64 (vmware)

$ rpm -qa | grep optipng
optipng-0.7.6-1.mga5

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Warning: Pixel value out of range
Error: Error reading file or unexpected end of file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
System MGA5::i586 (vmware)

$ rpm -qa | grep optipng
optipng-0.7.6-1.1.mga5

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
(In reply to Stig-Ørjan Smelror from comment #14)
> System MGA5::x86_64 (vmware)
>
> $ rpm -qa | grep optipng
> optipng-0.7.6-1.mga5
>
> Patched:
> $ optipng CVE-2017-16938.gif
> ** Processing: CVE-2017-16938.gif
> Warning: Bogus data in GIF
> Warning: Pixel value out of range
> Error: Error reading file or unexpected end of file
>
> ** Status report
> 1 file(s) have been processed.
> 1 error(s) have been encountered.
>
> Patched:
> $ optipng CVE-2017-1000229.tiff
> ** Processing: CVE-2017-1000229.tiff
> Error: Out of memory
>
> ** Status report
> 1 file(s) have been processed.
> 1 error(s) have been encountered.
>
> The firefox.png test shows a 3.92% decrease.
>
> Cheers,
> Stig

This one is invalid as it is the old package. Will redo now.

Cheers,
Stig
System MGA5::x86_64 (vmware)

$ rpm -qa | grep optipng
optipng-0.7.6-1.1.mga5

Patched:
$ optipng CVE-2017-16938.gif
** Processing: CVE-2017-16938.gif
Warning: Bogus data in GIF
Error: GIF/LZW error: circular table

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

Patched:
$ optipng CVE-2017-1000229.tiff
** Processing: CVE-2017-1000229.tiff
Error: Out of memory

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.

The firefox.png test shows a 3.92% decrease.

Cheers,
Stig
Whiteboard: MGA5TOO has_procedure => MGA5TOO has_procedure MGA5-32-OK MGA5-64-OK MGA6-32-OK MGA6-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0447.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
*** Bug 22884 has been marked as a duplicate of this bug. ***
CC: (none) => fri
*** Bug 23563 has been marked as a duplicate of this bug. ***