openSUSE has issued an advisory today (February 10): https://lists.opensuse.org/opensuse-updates/2018-02/msg00037.html Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Debian and openSUSE have patches
Assigning to the registered maintainer.
Assignee: bugsquad => jani.valimaa
CC: (none) => marja11
Pushed fixed version to cauldron and mga6 core/updates_testing. mga6 RPM and SRPM: jhead-3.00-3.1.mga6
Assignee: jani.valimaa => qa-bugs
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
CC: (none) => tmb
Advisory:
========================

Updated jhead package fixes security vulnerability:

An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact (CVE-2018-6612).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6612
https://lists.opensuse.org/opensuse-updates/2018-02/msg00037.html
Status comment: Debian and openSUSE have patches => (none)
MGA6-32 on Dell Latitude D600
No installation issues
At CLI:
$ jhead P7212393.jpeg
File name : P7212393.jpeg
File size : 9573842 bytes
File date : 2013:11:11 08:46:16
Camera make : OLYMPUS IMAGING CORP.
Camera model : E-500
Date/Time : 2012:07:21 15:04:00
Resolution : 3340 x 2504
Flash used : No
Focal length : 31.0mm
Exposure time: 0.0100 s (1/100)
Aperture : f/18.0
ISO equiv. : 100
Whitebalance : Manual
Metering Mode: spot
Exposure : shutter priority (semi-auto)
JPEG Quality : 100
is OK.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Testing complete mga6 64. Validating.

PoC here https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889272

Before
------
$ jhead poc
Nonfatal Error : 'poc' Suspicious offset of first Exif IFD value
Segmentation fault (core dumped)

After
-----
$ jhead poc
Nonfatal Error : 'poc' invalid offset for first Exif IFD value
Nonfatal Error : 'poc' Extraneous 32 padding bytes before section 5C
Error : Premature end of file? in file 'poc'
Keywords: (none) => has_procedure, validated_update
Whiteboard: MGA6-32-OK => MGA6-32-OK mga6-64-ok
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0146.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
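
An integer underflow of the kind the advisory describes, shown on a first-IFD offset check like the one the error messages above refer to. This is an added illustration, not jhead's code or the upstream patch; it assumes the underflow is an unsigned length subtraction that wraps, and the function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: little-endian TIFF header, IFD at offset 8, one 12-byte entry. */
const uint8_t sample_ok[22] = {'I', 'I', 42, 0, 8, 0, 0, 0, 1, 0};
/* Constructed sample: 10-byte section whose first-IFD offset claims 0x1000. */
const uint8_t sample_bad[10] = {'I', 'I', 42, 0, 0x00, 0x10, 0, 0, 0, 0};

/* Read 16/32-bit values in the byte order named by the TIFF header. */
static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Flawed form: when len < 16, len - 16 wraps to a huge unsigned value,
 * so any offset >= 8 is accepted. Returns 1 if the offset passes. */
int naive_offset_ok(uint32_t off, size_t len) {
    return off >= 8 && off <= len - 16;
}

/* Hardened form: returns the entry count of the first IFD, or -1 if the
 * header, the offset, or the entry table does not fit in tiff[0..len). */
int first_ifd_entries(const uint8_t *tiff, size_t len) {
    if (len < 8) return -1;
    int be;
    if (memcmp(tiff, "MM", 2) == 0) be = 1;
    else if (memcmp(tiff, "II", 2) == 0) be = 0;
    else return -1;
    if (rd16(tiff + 2, be) != 42) return -1;
    uint32_t off = rd32(tiff + 4, be);
    /* Compare before subtracting, so len - off can never wrap. */
    if (off < 8 || off > len || len - off < 2) return -1;
    uint16_t n = rd16(tiff + off, be);
    /* Each IFD entry is 12 bytes; all n entries must fit after the count. */
    if ((len - off - 2) / 12 < n) return -1;
    return n;
}

int main(void) {
    printf("naive check accepts 0x1000 in 10 bytes: %d\n", naive_offset_ok(0x1000, sizeof sample_bad));
    printf("hardened check on the same section: %d\n", first_ifd_entries(sample_bad, sizeof sample_bad));
    return 0;
}
```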