Fedora has issued an advisory today (June 15): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TXPMLRJZPD2OEFKNQJZNDLRUZ37DJX5M/
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA6TOO
0.18.13 fixes two more security issues:
https://www.libraw.org/download
- fixed possible stack overrun while reading zero-sized strings
- fixed possible integer overflow

Fedora has issued an advisory for this today (July 24):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAILUJLX73GTMC4BTJPFRXMDQIFLWFMV/
Summary: libraw minor security fixes upstream in 0.18.12 => libraw minor security fixes upstream in 0.18.13
0.18.12 fixed CVE-2018-5815:
https://bugzilla.suse.com/show_bug.cgi?id=1103206

openSUSE has issued an advisory for this today (August 10):
https://lists.opensuse.org/opensuse-updates/2018-08/msg00068.html
0.18.12 fixed CVE-2018-5816: https://bugzilla.redhat.com/show_bug.cgi?id=1610156
Pushed 0.8.13 to both Cauldron and MGA6.

Suggested advisory:

Several security fixes have been done in libraw version 0.18.13. Version 0.18.12 also fixed CVE-2018-5815 and CVE-2018-5816.

Ref:
https://bugzilla.suse.com/show_bug.cgi?id=1103206
https://bugzilla.redhat.com/show_bug.cgi?id=1610156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAILUJLX73GTMC4BTJPFRXMDQIFLWFMV/

SRPM:
libraw-0.18.13-1.mga6.srpm

RPMS:
libraw-tools-0.18.13-1.mga6.i586.rpm
libraw16-0.18.13-1.mga6.i586.rpm
libraw_r16-0.18.13-1.mga6.i586.rpm
libraw-devel-0.18.13-1.mga6.i586.rpm
Whiteboard: MGA6TOO => (none)
Assignee: lists.jjorge => qa-bugs
CC: (none) => lists.jjorge
Version: Cauldron => 6
Status: NEW => ASSIGNED
Mageia 6, x86_64

Could find no discussion on reproducing the integer overflow for CVE-2018-5815 so went ahead and updated the packages and tested them against a set of local raw camera image files.

$ 4channels RAW_NIKON_D1.NEF
Processing file RAW_NIKON_D1.NEF
Black level (unscaled)=0
Writing file RAW_NIKON_D1.NEF.R.tiff
Writing file RAW_NIKON_D1.NEF.G.tiff
Writing file RAW_NIKON_D1.NEF.B.tiff
Writing file RAW_NIKON_D1.NEF.G2.tiff

$ multirender_test RAW_NIKON_D1.NEF
Processing file RAW_NIKON_D1.NEF
Writing file RAW_NIKON_D1.NEF.1.ppm
[...]
Writing file RAW_NIKON_D1.NEF.8.ppm

The individual PPM frames rendered as valid images in ImageMagick display.

$ postprocessing_benchmark -R 20 RAW_NIKON_D1.NEF
Processing file RAW_NIKON_D1.NEF
18.2 msec for unpack
Performance: 8.52 Mpix/sec
File: RAW_NIKON_D1.NEF, Frame: 0 2.7 total Mpix, 312.6 msec
Params: WB=default Highlight=0 Qual=-1 HalfSize=No Median=0 Wavelet=0
Crop: 0-0:2012x1324, active Mpix: 2.66, 3.2 frames/sec

$ raw-identify RAW_OLYMPUS*
RAW_OLYMPUS_C8080.ORF is a Olympus C8080WZ image.
Cannot decode RAW_OLYMPUS_C8080.ORF.ppm: Unsupported file format or not RAW file
Cannot decode RAW_OLYMPUS_C8080.ORF.thumb.jpg: Unsupported file format or not RAW file
RAW_OLYMPUS_E420.ORF is a Olympus E-420 image.
RAW_OLYMPUS_E5.ORF is a Olympus E-5 image.
RAW_OLYMPUS_E-PL7.ORF is a Olympus E-PL7 image.
RAW_OLYMPUS_SP350.ORF is a Olympus SP350 image.

$ unprocessed_raw RAW_CANON_D60_ARGB.CRW
Processing file RAW_CANON_D60_ARGB.CRW
Image size: 3088x2056
Raw size: 3152x2068
Margins: top=12, left=64
Unpacked....
Stored to file RAW_CANON_D60_ARGB.CRW.pgm

$ display RAW_CANON_D60_ARGB.CRW.pgm

That displayed a completely black frame.

$ nomacs RAW_CANON_D60_ARGB.CRW
[INFO] Hi there
[WARNING] QObject::connect: Cannot connect (null)::runPlugin(DkViewPortInterface*, bool) to nmc::DkControlWidget::setPluginWidget(DkViewPortInterface*, bool)
[WARNING] QObject::connect: Cannot connect (null)::applyPluginChanges(bool) to nmc::DkControlWidget::applyPluginChanges(bool)
[WARNING] QObject::connect: Cannot connect (null)::runPlugin(DkPluginContainer*, const QString&) to nmc::DkViewPort::applyPlugin(DkPluginContainer*, const QString&)
[INFO] local client created in: 3 ms
[INFO] CSS loaded from: ":/nomacs/stylesheet.css"
[INFO] LAN client created in: 0 ms
[INFO] Initialization takes: 47 ms
invalid type value detected in Image::printIFDStructure: 0
Warning: Directory Canon, entry 0x0000 has unknown Exif (TIFF) type 0; setting type size 1.
[INFO] "/home/lcl/qa/libraw/RAW_CANON_D60_ARGB.CRW" loaded in 23 ms

The nomacs command displayed the original as a valid image. This is not a regression when compared with earlier tests.

$ unprocessed_raw -g RAW_CANON_D60_ARGB.CRW
Processing file RAW_CANON_D60_ARGB.CRW
Image size: 3088x2056
Raw size: 3152x2068
Margins: top=12, left=64
Unpacked....
Gamma-corrected....
Stored to file RAW_CANON_D60_ARGB.CRW.pgm

RAW_CANON_D60_ARGB.CRW.pgm displayed as a greyscale image of low surface brightness.

$ unprocessed_raw -g -A -T RAW_CANON_D60_ARGB.CRW
Processing file RAW_CANON_D60_ARGB.CRW
Image size: 3088x2056
Raw size: 3152x2068
Margins: top=12, left=64
Unpacked....
Scaling with multiplier=23 (max=2771)
Gamma-corrected....
Stored to file RAW_CANON_D60_ARGB.CRW.tiff

$ display RAW_CANON_D60_ARGB.CRW.tiff

A greyscale image again but brighter.

Used nomacs to click through the RAW images - all displayed fine.

$ nomacs *RAW*

$ mem_image -6 'KODAK C603 C643 Format 420 CCDI0001.RAW'

This created a PPM image which looked good in display or nomacs.

$ simple_dcraw -L | wc -l
931

That is the number of supported cameras.

$ simple_dcraw -T *RAW*

This created a series of TIFF images of the originals - the default is ppm or pgm.

This all looks good so far.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Validating, on the basis of Len's extensive tests. Suggested advisory in Comment 4.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
More verbose advisory (added to svn):

type: security
subject: Updated libraw packages fix security vulnerabilities
CVE:
 - CVE-2018-5815
 - CVE-2018-5816
src:
  6:
   core:
     - libraw-0.18.13-1.mga6
description: |
  This update provides libraw 0.18.13 fixing at least the following
  security issues:

  LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow
  in the internal/dcraw_common.cpp:parse_qt() function. An attacker could
  exploit this to cause an infinite loop via a specially crafted Apple
  QuickTime file (CVE-2018-5815).

  LibRaw versions prior to 0.18.12 are vulnerable to an integer overflow
  in the internal/dcraw_common.cpp:identify() function. An attacker could
  exploit this to cause a divide-by-zero and resultant denial of service
  via a specially crafted NOKIARAW file (CVE-2018-5816).

  libraw 0.18.13 adds fixes for:
  * possible stack overrun while reading zero-sized strings
  * possible integer overflow
references:
 - https://bugs.mageia.org/show_bug.cgi?id=23186
 - https://bugzilla.suse.com/show_bug.cgi?id=1103206
 - https://bugzilla.redhat.com/show_bug.cgi?id=1610156
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAILUJLX73GTMC4BTJPFRXMDQIFLWFMV/
Keywords: (none) => advisory
CC: (none) => tmb
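
The advisory above describes CVE-2018-5815 as an integer overflow that turns into an infinite loop while parsing a QuickTime file. The following C program is an added illustration of that bug class and its fix, not LibRaw's code and not part of this bug report: walk_atoms, GOOD, BAD and max_steps are hypothetical names, the inputs are constructed, and 32-bit offsets over an in-memory buffer are an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed inputs: each atom is [4-byte big-endian size][4-byte tag][payload]. */
static const unsigned char GOOD[24] = {
    0, 0, 0, 8,  'f', 'r', 'e', 'e',                 /* 8-byte atom, header only */
    0, 0, 0, 16, 'm', 'd', 'a', 't', 1, 2, 3, 4, 5, 6, 7, 8 };
static const unsigned char BAD[16] = {
    0, 0, 0, 8,  'f', 'r', 'e', 'e',
    0xFF, 0xFF, 0xFF, 0xF8, 'm', 'd', 'a', 't' };    /* 8 + 0xFFFFFFF8 wraps to 0 */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walk top-level atoms. Returns the atom count, -1 if the input is rejected,
 * or -2 if more than max_steps atoms were visited (the walk is not ending). */
int walk_atoms(const unsigned char *buf, uint32_t len, int checked, int max_steps)
{
    uint32_t pos = 0;
    int atoms = 0;

    while (pos <= len && len - pos >= 8) {
        uint32_t size = be32(buf + pos);
        if (size < 8)
            return -1;            /* smaller than its own header */
        /* Hardened check: compare the size with the bytes remaining, using
         * subtraction, so that no addition can wrap. */
        if (checked && size > len - pos)
            return -1;
        if (++atoms > max_steps)
            return -2;            /* step cap stands in for "loops forever" */
        pos += size;              /* unchecked path: wraps modulo 2^32 */
    }
    return atoms;
}

int main(void)
{
    printf("good unchecked: %d\n", walk_atoms(GOOD, sizeof GOOD, 0, 1000));
    printf("bad  unchecked: %d\n", walk_atoms(BAD, sizeof BAD, 0, 1000));
    printf("bad  checked:   %d\n", walk_atoms(BAD, sizeof BAD, 1, 1000));
    return 0;
}
```

A parser fix of this kind can be regression-tested with a step or time limit around the parse call, since the failure mode is a hang rather than a crash.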
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0356.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED