openSUSE has issued an advisory today (March 18):
https://lists.opensuse.org/opensuse-updates/2018-03/msg00064.html

The issues are fixed upstream in 2.4.5.

Bug 17877 says that exiv2 bundles exempi, but SUSE, RedHat, and Ubuntu haven't made mention of that this time, so I don't know whether or not it is affected.

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
CVE: (none) => CVE-2018-7728 CVE-2018-7730
CC: (none) => smelror
Assignee: bugsquad => smelror
Cauldron updated to version 2.4.5.
Advisory
========

Exempi has been updated to fix two security issues.

CVE-2018-7728: Specially crafted TIFF images could have been used to cause a denial of service via a heap-based buffer overflow

CVE-2018-7730: Specially crafted Excel files could have been used to cause a denial of service via a heap-based buffer overflow

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7730

Files
=====

Uploaded to core/updates_testing:
lib64exempi-devel-2.2.2-16.1.mga6.x86_64.rpm
lib64exempi3-2.2.2-16.1.mga6.x86_64.rpm

from exempi-2.2.2-16.1.mga6.src.rpm
Assignee: smelror => qa-bugs
Stig-Ørjan, did you investigate if exiv2 is affected?
MGA5-32 on Dell Latitude D600
Mate
No installation issues

Found libexempi required by eom.
Checked with strace that libexempi is called by eom, and could open metadata of picture correctly.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
To test: M6/64

It seems as if CVE-2018-7728 has a PoC:
https://bugs.freedesktop.org/show_bug.cgi?id=105205
also CVE-2018-7730:
https://bugs.freedesktop.org/show_bug.cgi?id=105204
I will try these shortly, just in case they show something +ve.

Advisory done from c2 + ref from c0.
Keywords: (none) => advisory
Testing M6/64

BEFORE update: lib64exempi3-2.2.2-16.mga6

Trying the PoCs.

$ exempi -x exempi-MD5-152-overflow
processing file exempi-MD5-152-overflow
dump_xmp for file exempi-MD5-152-overflow
EOF in data block

$ exempi -x exempi-PSD_Handler-166-overflow
processing file exempi-PSD_Handler-166-overflow
dump_xmp for file exempi-PSD_Handler-166-overflow
Segmentation fault (core dumped)

AFTER update: lib64exempi3-2.2.2-16.1.mga6

$ exempi -x exempi-MD5-152-overflow
Same output as before...

$ exempi -x exempi-PSD_Handler-166-overflow
processing file exempi-PSD_Handler-166-overflow
dump_xmp for file exempi-PSD_Handler-166-overflow
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Exempi + XMP Core 5.1.2">
lots of correct looking XML
</x:xmpmeta>
which *is* proof +ve.

Trying on some TIF images,
$ exempi -x <filename>
always output correct XML data. This does use the library:

$ strace exempi -x start.tif 2>&1 | grep libexempi
open("/lib64/libexempi.so.3", O_RDONLY|O_CLOEXEC) = 3

Following Herman's lead, viewers using this library are: eog, eom, xviewer

I installed both eog & eom, but *neither* recognised TIF files at all. I reverted the library, same result; so that was not due to the update. But what are they missing?

OKing the update anyway.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
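The before/after run over the reproducer files in the test report above can be made mechanical. The script below is an added example, not part of the original bug thread; it assumes the `exempi -x` invocation shown in the thread, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify how a metadata tool exits on each reproducer file,
# so the same files can be re-run before and after a package update.
# TOOL defaults to the "exempi -x" invocation used in the thread (assumption:
# exempi is installed); the function names below are hypothetical.
TOOL=${TOOL:-"exempi -x"}

# classify_status STATUS -> prints OK, ERROR(n) or CRASH(signal n)
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "OK"
    elif [ "$1" -gt 128 ]; then
        # A shell reports a child killed by signal N as exit status 128+N,
        # so a segmentation fault (SIGSEGV, 11) shows up as 139.
        echo "CRASH(signal $(($1 - 128)))"
    else
        echo "ERROR($1)"
    fi
}

# run_one FILE -> runs $TOOL on FILE, discards its output, prints the verdict
run_one() {
    rc=0
    # $TOOL is deliberately unquoted so "exempi -x" splits into two words.
    $TOOL "$1" >/dev/null 2>&1 || rc=$?
    classify_status "$rc"
}

# check_files FILE... -> one "file: verdict" line per file;
# returns 1 if any run ended in a signal, 0 otherwise.
check_files() {
    crashed=0
    for f in "$@"; do
        verdict=$(run_one "$f")
        printf '%s: %s\n' "$f" "$verdict"
        case $verdict in CRASH*) crashed=1 ;; esac
    done
    return "$crashed"
}

# Stand-alone use: sh check.sh FILE...
if [ "$#" -gt 0 ]; then
    check_files "$@"
fi
```

Any exit status above 128 is treated as death by signal, which holds as long as the tool does not itself exit with such a code.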
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0183.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED