Bug 25674 - libexif new security issue CVE-2019-9278
Summary: libexif new security issue CVE-2019-9278
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-11-09 15:12 CET by David Walser
Modified: 2019-11-19 22:18 CET (History)
5 users (show)

See Also:
Source RPM: libexif-0.6.21-14.mga7.src.rpm
CVE: CVE-2019-9278
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2019-11-09 15:12:43 CET 
Chromium fixed an issue in its bundled libexif:
https://www.openwall.com/lists/oss-security/2019/11/07/1

There's a link to the fix in the message above.
David Walser 2019-11-09 15:12:51 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Christiaan Welvaart 2019-11-09 15:19:16 CET 
Note that according to that mail the fix in a bundled libexif is not in chromium but in android.

CC: (none) => cjw

Comment 2 David Walser 2019-11-09 15:34:09 CET 
Thanks for the correction.  I was in a hurry.
Comment 3 Lewis Smith 2019-11-09 22:14:05 CET 
See also bug 25675 (for libvpx). Because...
(In reply to Christiaan Welvaart from comment #1)
> Note that according to that mail the fix in a bundled libexif is not in
> chromium but in android.
is analogous, and you (David) closed that other bug in consequence. I do not want to tread on toes, so please do likewise if appropriate.
OTOH if this bug remains valid, libexif has no maintainer so the bug needs assigning globally to pkg-bugs.

CC: (none) => lewyssmith

Comment 4 Nicolas Salguero 2019-11-13 10:44:28 CET 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. (CVE-2019-9278)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://www.openwall.com/lists/oss-security/2019/11/07/1
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.21-14.1.mga7
lib(64)exif12-0.6.21-14.1.mga7
lib(64)exif-devel-0.6.21-14.1.mga7

from SRPMS:
libexif-0.6.21-14.1.mga7.src.rpm

Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-9278

Comment 5 Lewis Smith 2019-11-13 18:53:20 CET 
Thank you Nicolas for pushing this bug along on the right rails.

CC: lewyssmith => (none)

Comment 6 Herman Viaene 2019-11-18 16:28:03 CET 
MGA7-64 Plasma on Lenovo B50
No installation issues. Installed the exif packageas well, in the hope that exif will use its own libs.
exif /mnt/beelden/Pictures/2019/20190101Nieuwjaar/P1013877.JPG 
EXIF-labels in '/mnt/beelden/Pictures/2019/20190101Nieuwjaar/P1013877.JPG' ('Intel' byte-volgorde):
--------------------+----------------------------------------------------------
Label               |waarde
--------------------+----------------------------------------------------------
Beschrijving van afb|OLYMPUS DIGITAL CAMERA         
Fabrikant           |OLYMPUS IMAGING CORP.  
Model               |E-500           
Oriëntatie          |Linksboven
x-resolutie         |314
x-resolutie         |314
Resolutieeenheid    |Inch
Programmatuur       |Version 1.0                    
Datum en tijd       |2019:01:01 00:22:51
and a lot more
Seems OK.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene

Thomas Backlund 2019-11-19 19:19:39 CET

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 7 Mageia Robot 2019-11-19 22:18:56 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0331.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.