Fedora has issued an advisory on February 15: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SVC5KUWUCW5SKSBJOLGYSLCWLZE54JC4/ Patched packages uploaded for Mageia 6 and Cauldron. Advisory: ======================== Updated libexif packages fix security vulnerability: It was found that specially crafted XIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags could be used for a denial of service (CVE-2018-20030). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SVC5KUWUCW5SKSBJOLGYSLCWLZE54JC4/ ======================== Updated packages in core/updates_testing: ======================== libexif12-common-0.6.21-9.3.mga6 libexif12-0.6.21-9.3.mga6 libexif-devel-0.6.21-9.3.mga6 from libexif-0.6.21-9.3.mga6.src.rpm
mga6, x86_64 Installed the current packages. CVE-2018-20030 DOS vulnerability. No POC available. $ strace -o trace eom Sutherland_1.jpg Manipulated the image. $ grep exif trace open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3 open("/usr/lib64/libexif.so.12.3.3", O_RDONLY) = 3 $ strace -o trace eog LochCluanie_10.jpg Rotated the image then browsed other images. $ grep exif trace open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3 open("/usr/lib64/libexif.so.12.3.3", O_RDONLY) = 3 open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/libexif-12.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/libexif-12.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_GB/LC_MESSAGES/libexif-12.mo", O_RDONLY) = 11 Ran caja and selected an imaged directory and clicked on an image, which was displayed via eom. Ran the GIMP under strace, selected an image, scaled it, changed contrast and brightness and saved it as an xcf file. $ grep exif trace write(13, "\0\0\0\35plug-in-metadata-decode-exif"..., 512) = 512 read(10, "plug-in-metadata-decode-exif\0", 29) = 29 read(10, "plug-in-metadata-decode-exif\0", 29) = 29 read(10, "plug-in-metadata-decode-exif\0", 29) = 29 read(10, "plug-in-metadata-decode-exif\0", 29) = 29 Does that relate to libexif? Installed feh and ran that under strace. Displayed an image, switched fullscreen and back, rotated the image and showed information. $ grep exif trace open("/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3 Looks like it is working fine.
CC: (none) => tarazed25Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0095.html
Status: NEW => RESOLVEDResolution: (none) => FIXED