openSUSE has issued an advisory on May 3:
https://lists.opensuse.org/opensuse-updates/2019-05/msg00017.html

Mageia 6 is also affected.
Blocks: (none) => 23168
Whiteboard: (none) => MGA6TOO
Assigning to our registered jasper maintainer.
Assignee: bugsquad => mageia
CC: (none) => marja11
Fixed both mga6 and Cauldron! Also added the fix for CVE-2016-9398!
CC: (none) => geiger.david68210
Advisory:
========================

Updated jasper packages fix security vulnerabilities:

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors (CVE-2016-9398).

A denial of service in jp2_decode (CVE-2018-19542).

A denial of service in jas_image_readcmpt (CVE-2018-19539).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19539
https://lists.opensuse.org/opensuse-updates/2019-05/msg00017.html
========================

Updated packages in core/updates_testing:
========================
jasper-1.900.23-5.2.mga6
libjasper1-1.900.23-5.2.mga6
libjasper-devel-1.900.23-5.2.mga6
libjasper-static-devel-1.900.23-5.2.mga6

from jasper-1.900.23-5.2.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
CC: (none) => mageia
Assignee: mageia => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Ref bug 23139 Comment 13 for test, starting jpg file created by exporting tif from Gimp.
At CLI:
$ imginfo -f 1973-024.jpg
jpg 3 2904 4208 8 36660096
$ jasper --input 1973-024.jpg --output-format jp2 --output 1973-024.jp2
$ imginfo -f 1973-024.jp2
warning: ignoring invalid option max_samples
jp2 3 2904 4208 8 36660096
Resulting jp2 file looks OK in Gimp.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
mga6, x86_64

POC tests:

*before update*

CVE-2016-9398
https://bugzilla.suse.com/show_bug.cgi?id=1010979&_ga=2.208433362.1398527329.1557324314-55335118.1500933662
$ jasper --input CVE-2016-9398.jasper --output foo.bmp
jasper: jpc_math.c:94: jpc_floorlog2: Assertion `x > 0' failed.
Aborted (core dumped)

CVE-2018-19452
https://bugzilla.suse.com/show_bug.cgi?id=1117505&_ga=2.8860917.1398527329.1557324314-55335118.1500933662
$ jasper --input jasper_bug_4.jp2 --output foo.jpg
warning: trailing garbage in marker segment (3 bytes)
warning: trailing garbage in marker segment (32 bytes)
warning: not enough tile data (109 bytes)
warning: number of components mismatch
warning: component data type mismatch
Segmentation fault (core dumped)

CVE-2018-19539
https://bugzilla.suse.com/show_bug.cgi?id=1117511&_ga=2.121011016.1398527329.1557324314-55335118.1500933662
$ jasper --input jasper_bug_2.jp2 --output foo.bmp
warning: number of components mismatch
Segmentation fault (core dumped)

*after update*

CVE-2016-9398
$ jasper --input CVE-2016-9398.jasper --output foo.bmp
alignment failed
jpc_dec_decodepkts failed
error: cannot decode code stream
error: cannot load image data

CVE-2018-19452
$ jasper --input jasper_bug_4.jp2 --output foo.jpg
warning: trailing garbage in marker segment (3 bytes)
warning: trailing garbage in marker segment (32 bytes)
warning: not enough tile data (109 bytes)
warning: number of components mismatch
warning: component data type mismatch
error: invalid MTYP in CMAP box
error: cannot load image data

CVE-2018-19539
$ jasper --input jasper_bug_2.jp2 --output foo.bmp
warning: number of components mismatch
error: cannot encode image

All three results are tidier.
CC: (none) => tarazed25
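
The before/after comparison in the PoC tests above comes down to whether the decoder was killed by a signal (assertion abort, segmentation fault) or rejected the file itself. A small harness for that check, added here as an example and not part of the original thread or of the jasper package; the function names classify_run and regress are hypothetical, and the decoder is assumed to accept the --input/--output options used above:

```shell
#!/bin/sh
# Added illustration. classify_run and regress are hypothetical helper names.

# classify_run CMD [ARGS...]
# Runs the command with its output discarded and prints how it ended:
#   ok                exit status 0
#   handled-error:N   non-zero exit status N (the program exited on its own)
#   crash:SIG         killed by signal SIG, e.g. ABRT (failed assert) or SEGV
classify_run() {
    st=0
    "$@" >/dev/null 2>&1 || st=$?
    if [ "$st" -eq 0 ]; then
        echo ok
    elif [ "$st" -gt 128 ]; then
        # The shell reports death by signal N as exit status 128+N.
        echo "crash:$(kill -l $((st - 128)))"
    else
        echo "handled-error:$st"
    fi
}

# regress DECODER SAMPLE...
# Feeds each sample file to the decoder, prints one "file<TAB>result" line
# per sample, and returns non-zero if any sample crashed the decoder.
regress() {
    decoder=$1
    shift
    out="${TMPDIR:-/tmp}/regress-out.$$.bmp"
    rc=0
    for sample in "$@"; do
        result=$(classify_run "$decoder" --input "$sample" --output "$out")
        printf '%s\t%s\n' "$sample" "$result"
        case $result in
            crash:*) rc=1 ;;
        esac
    done
    rm -f "$out"
    return "$rc"
}
```

With the PoC files from the linked SUSE bugs in the current directory, `regress jasper CVE-2016-9398.jasper jasper_bug_4.jp2 jasper_bug_2.jp2` should print no `crash:` lines on the updated packages.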
Follow on from comment 5:
$ jasper --input ht2jk.jpg --output-format jp2 --output riverpan.jp2
Displays OK.
$ imginfo -f riverpan.jp2
warning: ignoring invalid option max_samples
jp2 3 2816 558 8 4713984
$ diff riverpan.jp2 ht2jk.jpg
Binary files riverpan.jp2 and ht2jk.jpg differ
$ jasper -f sail.j2k -F sail.bmp -T bmp
$ display sail.bmp
<OK>
$ imginfo -f sail.bmp
THE BMP FORMAT IS NOT FULLY SUPPORTED!
THAT IS, THE JASPER SOFTWARE CANNOT DECODE ALL TYPES OF BMP DATA.
IF YOU HAVE ANY PROBLEMS, PLEASE TRY CONVERTING YOUR IMAGE DATA
TO THE PNM FORMAT, AND USING THIS FORMAT INSTEAD.
bmp 3 640 480 8 921600
<Nothing new here>
$ convert sail.bmp sail.ppm
$ imginfo -f sail.ppm
warning: ignoring options
pnm 3 640 480 8 921600

Looks like jasper still has some rough edges but it can probably go out based on comments 4, 5, 6.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2019-0167.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED