Bug 22277 - libexif new security issue CVE-2016-6328
Summary: libexif new security issue CVE-2016-6328
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5TOO MGA5-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-12-28 14:24 CET by David Walser
Modified: 2018-01-03 16:51 CET (History)
3 users (show)

See Also:
Source RPM: libexif-0.6.21-9.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2017-12-28 14:24:11 CET
Fedora has issued an advisory today (December 28):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIGG5FKK6ZHUBJDSP7RIETVHWRZBTPRO/

Patched packages uploaded for Mageia 5, Mageia 6, and Cauldron.

Advisory:
========================

Updated libexif packages fix security vulnerability:

A vulnerability was found in libexif. The vulnerability is caused by an
integer overflow. In some cases, the integer overflow can cause Heap
Out-of-Bounds Read, i.e. Heap Buffer Overflow vulnerability. In some other
cases, the integer overflow can cause use of uninitialized pointer variable,
i.e. Use of Uninitialized Variable Vulnerability. The vulnerability happens
when parsing MNOTE entry data of the input file. The vulnerability can cause
Denial-of-Service (DoS) and Information Disclosure (disclosing some critical
heap chunk metadata, even other applications’ private data) (CVE-2016-6328).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6328
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIGG5FKK6ZHUBJDSP7RIETVHWRZBTPRO/
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.21-8.1.mga5
libexif12-0.6.21-8.1.mga5
libexif-devel-0.6.21-8.1.mga5
libexif12-common-0.6.21-9.1.mga6
libexif12-0.6.21-9.1.mga6
libexif-devel-0.6.21-9.1.mga6

from SRPMS:
libexif-0.6.21-8.1.mga5.src.rpm
libexif-0.6.21-9.1.mga6.src.rpm
David Walser 2017-12-28 14:24:18 CET

Whiteboard: (none) => MGA5TOO

Comment 1 Herman Viaene 2017-12-30 11:48:44 CET
MGA5-32 on Dell Latitude D600 Xfce
No installation issues
# urpmq --whatrequires libexif12
lists a.o. exif, so
$ exif P1151653.JPG 
EXIF-labels in 'P1151653.JPG' ('Intel' byte-volgorde):
--------------------+----------------------------------------------------------
Label               |waarde
--------------------+----------------------------------------------------------
Beschrijving van afb|OLYMPUS DIGITAL CAMERA         
Fabrikant           |OLYMPUS IMAGING CORP.  
Model               |E-500           
Oriëntatie          |Linksboven
x-resolutie         |72
x-resolutie         |72
Resolutieeenheid    |Inch
Programmatuur       |GIMP 2.6.7
Datum en tijd       |2011:01:17 17:24:26
YCbCr-positionering |naast elkaar
PRINT-afbeeldingsver|528 bytes onbekende gegevens
Compressie          |JPEG-compressie
x-resolutie         |72
x-resolutie         |72
Resolutieeenheid    |Inch
Belichtingstijd     |1/100 sec.
F-getal             |f/3,5
Belichtingsprogramma|Sluitertijd heeft prioriteit
ISO-snelheidsgetal  |200
Exif-versie         |Exif-versie 2.21
Datum en tijdstip (o|2011:01:15 20:55:44
Datum en tijdstip (v|2011:01:15 20:55:44
Configuratie van com|Y Cb Cr -
Belichtingscompensat|0,00 EV
Maximale diafragmawa|3,61 EV (f/3,5)
Meetwijze           |Punt
Lichtbron           |Onbekend
Flits               |Geflitst, altijd-flitsen-modus.
Brandpuntsafstand   |40,0 mm
Fabrikantennotitie  |2310 bytes onbekende gegevens
Gebruikerscommentaar|                                                          
FlashPixVersion     |FlashPix versie 1.0
Kleurruimte         |sRGB
X-afmeting pixel    |2448
Y-afmeting pixel    |3264
Bestandsbron        |DSC
Handmatig gerenderd |Normaal proces
Belichtingsmodus    |Automatische belichting
Witbalans           |Handmatige witbalans
Digitale zoomverhoud|1,00
Opnametype van scène|Standaard
Versterkingsregeling|Lage versterking
Contrast            |Normaal
Verzadiging         |Hoge verzadiging
Scherpte            |Normaal
Interoperabiliteitsi|R98
Interoperabiliteitsv|0100
--------------------+----------------------------------------------------------
EXIF-gegevens bevatten een miniatuur (5106 bytes).
Looks OK for me.

Whiteboard: MGA5TOO => MGA5TOO MGA5-32-OK
CC: (none) => herman.viaene

Dave Hodgins 2018-01-01 08:22:43 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 2 Dave Hodgins 2018-01-03 14:59:49 CET
wget http://www.exiv2.org/include/img_1771.jpg

exif displays the info ok.

Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA5-32-OK => MGA5TOO MGA5-32-OK MGA6-64-OK
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-03 16:51:47 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0051.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.