Bug 23676 - jhead new security issues CVE-2018-16554 and CVE-2018-17088
Summary: jhead new security issues CVE-2018-16554 and CVE-2018-17088
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6-32-OK MGA6-64-OK
Keywords: advisory, validated_update
Reported: 2018-10-13 00:00 CEST by David Walser
Modified: 2018-11-17 23:24 CET

Source RPM: jhead-3.00-5.mga7.src.rpm

Description David Walser 2018-10-13 00:00:26 CEST
openSUSE has issued an advisory on September 24:
https://lists.opensuse.org/opensuse-updates/2018-09/msg00142.html

Mageia 6 is also affected.

David Walser 2018-10-13 00:00:38 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David GEIGER 2018-10-13 04:31:59 CEST
Done for Cauldron and mga6!

CC: (none) => geiger.david68210

Comment 2 David Walser 2018-10-13 05:00:26 CEST
Advisory:
========================

Updated jhead package fixes security vulnerability:

The ProcessGpsInfo function may have allowed a remote attacker to cause a
denial-of-service attack or unspecified other impact via a malicious JPEG file,
because of inconsistency between float and double in a sprintf format string
during TAG_GPS_ALT handling (CVE-2018-16554).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16554
https://lists.opensuse.org/opensuse-updates/2018-09/msg00142.html
========================

Updated packages in core/updates_testing:
========================
jhead-3.00-3.2.mga6

from jhead-3.00-3.2.mga6.src.rpm

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: bugsquad => qa-bugs

Comment 3 Herman Viaene 2018-10-23 11:20:11 CEST
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
$ jhead -v p4090005.jpg 
Exif header 24574 bytes long
Exif section in Intel order
(dir has 12 entries)
    ImageDescription = "OLYMPUS DIGITAL CAMERA         "
    Make = "OLYMPUS IMAGING CORP.  "
    Model = "E-500           "
    Orientation = 1
    XResolution = 314/1
    YResolution = 314/1
and loads more

$ jhead -v dsc00107.jpg 
Exif header 15865 bytes long
Exif section in Intel order
(dir has 11 entries)
    ImageDescription = "                               "
    Make = "SONY"
    Model = "DSC-P200"
    Orientation = 1
    XResolution = 72/1
    YResolution = 72/1
etc.....
Looks good

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Comment 4 David Walser 2018-10-26 19:04:41 CEST
openSUSE has issued an advisory today (October 26):
https://lists.opensuse.org/opensuse-updates/2018-10/msg00198.html

It fixes an additional issue.

CC: (none) => qa-bugs
Assignee: qa-bugs => geiger.david68210
Summary: jhead new security issue CVE-2018-16554 => jhead new security issues CVE-2018-16554 and CVE-2018-17088

Comment 5 David GEIGER 2018-11-11 09:37:56 CET
Fixed both Cauldron and mga6!

Comment 6 David Walser 2018-11-11 19:36:21 CET
Advisory:
========================

Updated jhead package fixes security vulnerability:

The ProcessGpsInfo function may have allowed a remote attacker to cause a
denial-of-service attack or unspecified other impact via a malicious JPEG file,
because of inconsistency between float and double in a sprintf format string
during TAG_GPS_ALT handling (CVE-2018-16554).

The ProcessGpsInfo function may have allowed a remote attacker to cause a
denial-of-service attack or unspecified other impact via a malicious JPEG file,
because there is an integer overflow during a check for whether a location
exceeds the EXIF data length (CVE-2018-17088).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17088
https://lists.opensuse.org/opensuse-updates/2018-09/msg00142.html
https://lists.opensuse.org/opensuse-updates/2018-10/msg00198.html
========================

Updated packages in core/updates_testing:
========================
jhead-3.00-3.3.mga6

from jhead-3.00-3.3.mga6.src.rpm

Whiteboard: MGA6-32-OK => (none)
CC: qa-bugs => (none)
Assignee: geiger.david68210 => qa-bugs
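
The bug class named in the advisory for CVE-2018-17088, an integer overflow inside a "does this location exceed the EXIF data length" check, shown as an added example; this is not jhead's code and not part of the bug thread. The function names, the 32-bit offset/count/size model and the sample values are assumptions chosen for illustration, and the example generalizes slightly to an offset plus count-times-size range.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers, not taken from jhead. They answer: does the range
 * [offset, offset + count * elem_size) lie inside an EXIF block of
 * exif_len bytes? All inputs except exif_len come from the file. */

/* Overflow-prone form: the end position is computed first, in 32-bit
 * unsigned arithmetic, so it can wrap modulo 2^32 and pass the test. */
static int range_ok_naive(uint32_t offset, uint32_t count,
                          uint32_t elem_size, uint32_t exif_len)
{
    uint32_t end = offset + count * elem_size;   /* may wrap */
    return end <= exif_len;
}

/* Hardened form: never compute a sum or product of untrusted values.
 * Compare each value against the space that is actually left. */
static int range_ok_safe(uint32_t offset, uint32_t count,
                         uint32_t elem_size, uint32_t exif_len)
{
    if (offset > exif_len)
        return 0;                                /* start is already outside */
    uint32_t room = exif_len - offset;           /* cannot underflow now */
    if (elem_size != 0 && count > room / elem_size)
        return 0;                                /* count * elem_size > room */
    return 1;
}

int main(void)
{
    const uint32_t exif_len = 24574;             /* constructed sample length */
    /* Constructed inputs: one honest entry, two that wrap. */
    const uint32_t cases[3][3] = {
        { 100u,        3u,          8u },        /* fits */
        { 0x100u,      0x40000000u, 8u },        /* count * size wraps to 0 */
        { 0xFFFFFFF0u, 0x20u,       1u },        /* offset + size wraps */
    };
    for (int i = 0; i < 3; i++)
        printf("offset=%#x count=%#x size=%u naive=%d safe=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               (unsigned)cases[i][2],
               range_ok_naive(cases[i][0], cases[i][1], cases[i][2], exif_len),
               range_ok_safe(cases[i][0], cases[i][1], cases[i][2], exif_len));
    return 0;
}
```
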

Comment 7 Herman Viaene 2018-11-15 11:25:16 CET
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
At CLI:
$ jhead 34815438.jpg
File name    : 34815438.jpg
File size    : 131213 bytes
File date    : 2016:05:12 19:43:56
Resolution   : 500 x 375
JPEG Quality : 96
This is a file which is the result of various format conversions, so OK for me.

$ jhead p4090007.jpg
File name    : p4090007.jpg
File size    : 4898553 bytes
File date    : 2016:05:12 19:43:57
Camera make  : OLYMPUS IMAGING CORP.  
Camera model : E-500           
Date/Time    : 2006:04:09 15:13:12
Resolution   : 3264 x 2448
Flash used   : No (auto)
Focal length : 24.0mm
Exposure time: 0.167 s  (1/6)
Aperture     : f/4.2
ISO equiv.   : 100
Whitebalance : Auto
Metering Mode: pattern
Exposure     : Creative Program (based towards depth of field)
JPEG Quality : 100
This is a genuine picture downloaded from a camera. OK.

Whiteboard: (none) => MGA6-32-OK

Comment 8 Thomas Andrews 2018-11-16 16:24:12 CET
Installed 64-bit version, then updated it. Package installed cleanly. 

I was going to validate on that basis alone, but decided to give it a quick try on an old photo, anyway.

jhead p4230003.jpg 
File name    : p4230003.jpg
File size    : 377160 bytes
File date    : 2009:04:23 13:40:46
Camera make  : OLYMPUS OPTICAL CO.,LTD
Camera model : C860L,D360L
Date/Time    : 2009:04:23 13:40:46
Resolution   : 1280 x 960
Flash used   : Yes
Focal length :  5.5mm
Exposure time: 0.033 s  (1/30)
Aperture     : f/11.0
ISO equiv.   : 125
Metering Mode: pattern
Exposure     : program (auto)
JPEG Quality : 95

A genuine photo, downloaded years ago, from a camera I no longer use.

OK here for 64-bit. Validating. Advisory in Comment 6.

Whiteboard: MGA6-32-OK => MGA6-32-OK MGA-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 9 Lewis Smith 2018-11-17 21:11:55 CET
Corrected TJ's x64 OK. Advisoried from c6.

Keywords: (none) => advisory
Whiteboard: MGA6-32-OK MGA-64-OK => MGA6-32-OK MGA6-64-OK
CC: (none) => lewyssmith

Comment 10 Thomas Andrews 2018-11-17 21:46:57 CET
Oops.

Comment 11 Mageia Robot 2018-11-17 23:24:33 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0457.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

