Bug 25855 - opencv new security issues CVE-2019-1449[12] and CVE-2019-15939
Summary: opencv new security issues CVE-2019-1449[12] and CVE-2019-15939
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal  Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-12-11 00:18 CET by David Walser
Modified: 2020-01-12 00:53 CET
7 users

See Also:
Source RPM: opencv-3.4.5-2.mga7.src.rpm
CVE: CVE-2019-14491, CVE-2019-14492, CVE-2019-15939
Status comment:


Description David Walser 2019-12-11 00:18:43 CET
SUSE has issued an advisory on December 5:
http://lists.suse.com/pipermail/sle-security-updates/2019-December/006214.html

The CVE-2019-1449[12] issues only affect Mageia 7 and are fixed in 3.4.7.

CVE-2019-15939 affects Mageia 7 and Cauldron.
David Walser 2019-12-11 00:19:03 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Lewis Smith 2019-12-11 11:26:33 CET
I think this now has no formal maintainer, so assigning globally; CC DavidG for recent maintenance of the pkg.

Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210

Comment 2 David Walser 2019-12-12 20:11:08 CET
Updated packages uploaded by Nicolas.  Advisory to come later.

libopencv_core3.4-3.4.5-2.1.mga7
libopencv_imgcodecs3.4-3.4.5-2.1.mga7
libopencv_imgproc3.4-3.4.5-2.1.mga7
libopencv_highgui3.4-3.4.5-2.1.mga7
libopencv_ml3.4-3.4.5-2.1.mga7
libopencv_flann3.4-3.4.5-2.1.mga7
libopencv_calib3d3.4-3.4.5-2.1.mga7
libopencv_features2d3.4-3.4.5-2.1.mga7
libopencv_video3.4-3.4.5-2.1.mga7
libopencv_objdetect3.4-3.4.5-2.1.mga7
libopencv_dnn3.4-3.4.5-2.1.mga7
libopencv_photo3.4-3.4.5-2.1.mga7
libopencv_shape3.4-3.4.5-2.1.mga7
libopencv_stitching3.4-3.4.5-2.1.mga7
libopencv_videoio3.4-3.4.5-2.1.mga7
libopencv_videostab3.4-3.4.5-2.1.mga7
libopencv_superres3.4-3.4.5-2.1.mga7
libopencv_aruco3.4-3.4.5-2.1.mga7
libopencv_bgsegm3.4-3.4.5-2.1.mga7
libopencv_bioinspired3.4-3.4.5-2.1.mga7
libopencv_ccalib3.4-3.4.5-2.1.mga7
libopencv_datasets3.4-3.4.5-2.1.mga7
libopencv_dnn_objdetect3.4-3.4.5-2.1.mga7
libopencv_dpm3.4-3.4.5-2.1.mga7
libopencv_freetype3.4-3.4.5-2.1.mga7
libopencv_fuzzy3.4-3.4.5-2.1.mga7
libopencv_hfs3.4-3.4.5-2.1.mga7
libopencv_img_hash3.4-3.4.5-2.1.mga7
libopencv_line_descriptor3.4-3.4.5-2.1.mga7
libopencv_optflow3.4-3.4.5-2.1.mga7
libopencv_phase_unwrapping3.4-3.4.5-2.1.mga7
libopencv_plot3.4-3.4.5-2.1.mga7
libopencv_reg3.4-3.4.5-2.1.mga7
libopencv_rgbd3.4-3.4.5-2.1.mga7
libopencv_saliency3.4-3.4.5-2.1.mga7
libopencv_stereo3.4-3.4.5-2.1.mga7
libopencv_structured_light3.4-3.4.5-2.1.mga7
libopencv_surface_matching3.4-3.4.5-2.1.mga7
libopencv_text3.4-3.4.5-2.1.mga7
libopencv_tracking3.4-3.4.5-2.1.mga7
libopencv_ximgproc3.4-3.4.5-2.1.mga7
libopencv_xobjdetect3.4-3.4.5-2.1.mga7
libopencv_xphoto3.4-3.4.5-2.1.mga7
opencv-devel-3.4.5-2.1.mga7
python2-opencv-3.4.5-2.1.mga7
python3-opencv-3.4.5-2.1.mga7
opencv-samples-3.4.5-2.1.mga7

from opencv-3.4.5-2.1.mga7.src.rpm

Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero

Comment 3 David Walser 2019-12-12 23:37:26 CET
openSUSE has issued an advisory for this on December 11:
https://lists.opensuse.org/opensuse-updates/2019-12/msg00073.html
Comment 4 Nicolas Salguero 2019-12-13 08:46:37 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read in the function cv::predictOrdered<cv::HaarEvaluator> in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14491)

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. (CVE-2019-14492)

An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. (CVE-2019-15939)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15939
http://lists.suse.com/pipermail/sle-security-updates/2019-December/006214.html
https://lists.opensuse.org/opensuse-updates/2019-12/msg00073.html

Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-14491, CVE-2019-14492, CVE-2019-15939
Source RPM: opencv-3.4.7-2.mga8.src.rpm => opencv-3.4.5-2.mga7.src.rpm
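
The two Haar-cascade CVEs in the advisory above come down to rectangle coordinates read from the cascade XML and used, unchecked, as offsets into the integral image. The following is an added example, not OpenCV's code: a self-contained reconstruction of the window-bounds check that OpenCV 3.4.7 enforces in HaarEvaluator::Feature::read() (the "expected: 'rw.r.x < W'" message in the post-update output further down is that check firing), plus the four corner offsets that an unchecked rectangle would turn into an out-of-bounds read. Struct and function names, the all-ones integral image and the 20x20 window are assumptions made here for illustration.

```cpp
// Added example, not OpenCV's code: bounds validation for the rectangles of a
// Haar cascade feature, mirroring the check OpenCV 3.4.7 added to
// HaarEvaluator::Feature::read(). All names below are illustrative.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct Rect { int x, y, width, height; };

// One Haar feature: two or three weighted rectangles, positioned relative to
// the top-left corner of a W x H detection window.
struct HaarFeature {
    int n;
    Rect r[3];
    float weight[3];
};

// Every rectangle must lie inside the window. The comparisons are ordered so
// that no addition can overflow: width is compared against W - x only after
// x < W is known, so an attacker-supplied x of 2147483647 (the value in the
// PoC cascade) is rejected without ever computing x + width.
bool validFeature(const HaarFeature& f, int W, int H, std::string* why) {
    auto fail = [&](const char* msg) { if (why) *why = msg; return false; };
    if (W <= 0 || H <= 0) return fail("empty window");
    if (f.n < 2 || f.n > 3) return fail("bad rectangle count");
    for (int i = 0; i < f.n; ++i) {
        const Rect& rw = f.r[i];
        if (rw.x < 0 || rw.y < 0 || rw.width <= 0 || rw.height <= 0)
            return fail("negative or empty rect");
        if (!(rw.x < W)) return fail("expected: 'rw.r.x < W'");
        if (!(rw.y < H)) return fail("expected: 'rw.r.y < H'");
        if (!(rw.width <= W - rw.x)) return fail("expected: 'rw.r.x + rw.r.width <= W'");
        if (!(rw.height <= H - rw.y)) return fail("expected: 'rw.r.y + rw.r.height <= H'");
    }
    return true;
}

// Integral image of a W x H window, stored as (W+1) x (H+1) ints, stride W+1.
// Constructed sample: the source image is all ones, so integral(y, x) = x * y.
std::vector<int> onesIntegral(int W, int H) {
    std::vector<int> s((std::size_t)(W + 1) * (H + 1));
    for (int y = 0; y <= H; ++y)
        for (int x = 0; x <= W; ++x)
            s[(std::size_t)y * (W + 1) + x] = x * y;
    return s;
}

// The four corner offsets the evaluator precomputes per rectangle. With an
// unchecked rectangle they run past the end of the integral image, which is
// the out-of-bounds read behind CVE-2019-14491 / CVE-2019-14492.
struct Corners { std::size_t p0, p1, p2, p3; };

Corners cornerOffsets(const Rect& r, std::size_t stride) {
    std::size_t x = (std::size_t)r.x, y = (std::size_t)r.y;
    std::size_t w = (std::size_t)r.width, h = (std::size_t)r.height;
    return { y * stride + x, y * stride + x + w, (y + h) * stride + x, (y + h) * stride + x + w };
}

// Rectangle sum from the integral image. Callers must have passed the feature
// through validFeature(); the size check on p3 is only a second line of
// defence and returns 0 instead of reading past the buffer.
long long rectSum(const std::vector<int>& integral, std::size_t stride, const Rect& r) {
    Corners c = cornerOffsets(r, stride);
    if (c.p3 >= integral.size()) return 0;
    return (long long)integral[c.p0] - integral[c.p1] - integral[c.p2] + integral[c.p3];
}

int main() {
    const int W = 20, H = 20;  // window size from the page's error message
    HaarFeature good = {2, {{2, 3, 4, 5}, {6, 3, 4, 5}, {0, 0, 0, 0}}, {-1.0f, 2.0f, 0.0f}};
    HaarFeature bad = good;
    bad.r[0].x = 2147483647;   // x coordinate reported in the post-update error
    std::string why;
    std::printf("good: %d\n", (int)validFeature(good, W, H, &why));
    std::printf("bad: %d (%s)\n", (int)validFeature(bad, W, H, &why), why.c_str());
    std::printf("sum of good rect 0: %lld\n", rectSum(onesIntegral(W, H), W + 1, good.r[0]));
    return 0;
}
```

The order of the comparisons is the point: a naive `rw.x + rw.width <= W` is itself undefined behaviour once `rw.x` is INT_MAX, so the check must be phrased as `rw.width <= W - rw.x` after `rw.x < W` has been established.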

Comment 5 Brian Rockwell 2019-12-23 16:08:32 CET
I synched to my repo and cannot find this out there.  Tried a different repo and the same.  Can you confirm this was replicated out to the US repos?

CC: (none) => brtians1

Comment 6 David Walser 2019-12-23 16:11:05 CET
Yes, mirrors.kernel.org has it.
Herman Viaene 2019-12-24 11:04:46 CET

CC: (none) => herman.viaene

Comment 8 Herman Viaene 2019-12-24 11:25:11 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Tried to replicate the test in bug 10815, comment 12, but ....
$ g++ -lopencv_core -lopencv_imgproc -lopencv_highgui -o edge /usr/share/OpenCV/samples/cpp/edge.cpp
/usr/bin/ld: /tmp/ccyugjKM.o: undefined reference to symbol '_ZN2cv6imreadERKNS_6StringEi'
/usr/bin/ld: /usr/lib64/libopencv_imgcodecs.so.3.4: error adding symbols: DSO missing from command line
collect2: error: ld returned exit-status 1
Comment 9 David Walser 2019-12-24 17:00:59 CET
Try this (you'll need opencv-devel installed):
g++ $(pkg-config --libs opencv) -o edge /usr/share/OpenCV/samples/cpp/edge.cpp
Comment 10 David Walser 2019-12-27 04:29:27 CET
Fedora reference for one of the CVEs from December 2:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPFLN6QAX6SUA4XR4NMKKXX26H3TYCVQ/

Severity: normal => major

Comment 11 Len Lawrence 2020-01-05 19:07:03 CET
Having a look at the CVEs for this.
First results, before updates.

Mageia7, x86_64

Installed all the packages and dependencies.

$ g++ $(pkg-config --libs opencv) -o edge /usr/share/OpenCV/samples/cpp/edge.cpp
$ file edge
edge: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=3dae70f7264983d2b57440cc608362a5c8478d4d, for GNU/Linux 3.2.0, with debug_info, not stripped
$ ./edge

This sample demonstrates Canny edge detection
Call:
    /.edge [image_name -- Default is fruits.jpg]

[ WARN:0] cv::samples::findFile('fruits.jpg') => '/usr/share/OpenCV/samples/data/fruits.jpg'

This generated a couple of interactive gui frames showing textured slices of citrus fruit with different line colours.  The sliders change the threshold, which alters the visibility of the objects.

CVE-2019-14491
https://github.com/opencv/opencv/issues/15125
gunzip, untar PoC file.
Compile the classifier script.
$ g++ $(pkg-config --libs opencv) -o classifier classifier.cc
$ ./classifier appname.bmp @@
Load haarcascade_eye.xml failed!
The upstream asan test ends with an ABORT.

CC: (none) => tarazed25

Comment 12 Len Lawrence 2020-01-05 20:10:50 CET
*Before updates*

CVE-2019-14491
Following on from comment 11:

Not properly awake - the PoC test lacked the PoC file!
Repeating:
$ ./classifier appname.bmp 'int@cascadedetect.hpp:515-17___out-of-bounds-read'
Segmentation fault (core dumped)

CVE-2019-14492
https://github.com/opencv/opencv/issues/15124
The PoC uses the same C++ and bitmap files as before - checked that with diff - so the compilation is probably redundant.
$ g++ $(pkg-config --libs opencv) -o classifier classifier.cc
$ ./classifier appname.bmp 'cv::HaarEvaluator::OptFeature::calc@cascadedetect.hpp:395-29___out-of-bounds-read'
<No obvious problem>

CVE-2019-15939
https://github.com/OpenCV/opencv/issues/15287
$ g++ $(pkg-config --libs opencv) -o hog hog.cc
$ ./hog timg.jpeg getDescriptorSize__FPE
Floating point exception (core dumped)

Updated everything and ran the PoC tests again.
Recompiled the test scripts.

*After updates*

CVE-2019-14491
$ ./classifier appname.bmp 'int@cascadedetect.hpp:515-17___out-of-bounds-read'
terminate called after throwing an instance of 'cv::Exception'
  what():  OpenCV(3.4.5) /home/iurt/rpmbuild/BUILD/opencv-3.4.5/modules/objdetect/src/cascadedetect.cpp:568: error: (-2:Unspecified error) in function 'bool cv::HaarEvaluator::Feature::read(const cv::FileNode&, const Size&)'
> Invalid HAAR feature (expected: 'rw.r.x < W'), where
>     'rw.r.x' is 2147483647
> must be less than
>     'W' is 20

Aborted (core dumped)
<different>

CVE-2019-14492
$ ./classifier appname.bmp 'cv::HaarEvaluator::OptFeature::calc@cascadedetect.hpp:395-29___out-of-bounds-read'
terminate called after throwing an instance of 'cv::Exception'
  what():  OpenCV(3.4.5) /home/iurt/rpmbuild/BUILD/opencv-3.4.5/modules/objdetect/src/cascadedetect.cpp:568: error: (-2:Unspecified error) in function 'bool cv::HaarEvaluator::Feature::read(const cv::FileNode&, const Size&)'
> Invalid HAAR feature (expected: 'rw.r.x < W'), where
>     'rw.r.x' is 2147483647
> must be less than
>     'W' is 20

Aborted (core dumped)
<Also different>

CVE-2019-15939
$ ./hog timg.jpeg getDescriptorSize__FPE
terminate called after throwing an instance of 'cv::Exception'
  what():  OpenCV(3.4.5) /home/iurt/rpmbuild/BUILD/opencv-3.4.5/modules/objdetect/src/hog.cpp:157: error: (-215:Assertion failed) !cellSize.empty() in function 'read'

Aborted (core dumped)
<different>

The tests afterwards seem to produce more detail and the applications crash but perhaps there is no need for a test script to exit gracefully.


Recompiled edge.cc and ran it.  It works just as before.
With apologies for standing on Herman's foot, passing this for 64-bits.

Whiteboard: (none) => MGA7-64-OK
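
The hog PoC above goes from a SIGFPE before the update to the assertion `!cellSize.empty()` in `read` afterwards. The following is an added example, not OpenCV's code: a self-contained reconstruction of the descriptor-size arithmetic that CVE-2019-15939 crashed in, with the validation a reader of HOG parameters needs before calling it. Only the `!cellSize.empty()` message is taken from the page; the other checks, the struct names and the default geometry are assumptions added here.

```cpp
// Added example, not OpenCV's code: the arithmetic of
// cv::HOGDescriptor::getDescriptorSize() that CVE-2019-15939 crashed in, with
// parameter validation for untrusted input. The "!cellSize.empty()" message
// is the assertion seen on the page after the update; the other checks are
// assumptions added here.
#include <cstddef>
#include <cstdio>
#include <string>

struct Size {
    int width, height;
    bool empty() const { return width <= 0 || height <= 0; }
};

struct HogParams {
    Size winSize, blockSize, blockStride, cellSize;
    int nbins;
};

// Default people-detector geometry: 64x128 window, 16x16 blocks, 8x8 stride,
// 8x8 cells, 9 bins, which gives the well-known 3780-element descriptor.
HogParams defaultHogParams() { return {{64, 128}, {16, 16}, {8, 8}, {8, 8}, 9}; }

// Same formula as getDescriptorSize(): every division below is by a cellSize
// or blockStride dimension, so a zero in either (what a malformed descriptor
// file can deliver) is a hardware divide-by-zero, not a C++ exception.
std::size_t descriptorSizeUnchecked(const HogParams& p) {
    return (std::size_t)p.nbins
         * (p.blockSize.width / p.cellSize.width)
         * (p.blockSize.height / p.cellSize.height)
         * ((p.winSize.width - p.blockSize.width) / p.blockStride.width + 1)
         * ((p.winSize.height - p.blockSize.height) / p.blockStride.height + 1);
}

// Validation to run when the parameters come from a file. The emptiness
// checks must come first: the divisibility checks themselves use '%', which
// traps on a zero divisor just like '/'.
bool validHogParams(const HogParams& p, std::string* why) {
    auto fail = [&](const char* msg) { if (why) *why = msg; return false; };
    if (p.cellSize.empty())    return fail("!cellSize.empty()");
    if (p.blockSize.empty())   return fail("!blockSize.empty()");
    if (p.blockStride.empty()) return fail("!blockStride.empty()");
    if (p.winSize.empty())     return fail("!winSize.empty()");
    if (p.nbins <= 0)          return fail("nbins > 0");
    if (p.blockSize.width > p.winSize.width || p.blockSize.height > p.winSize.height)
        return fail("blockSize must fit inside winSize");
    if (p.blockSize.width % p.cellSize.width != 0 || p.blockSize.height % p.cellSize.height != 0)
        return fail("blockSize must be a multiple of cellSize");
    if ((p.winSize.width - p.blockSize.width) % p.blockStride.width != 0
     || (p.winSize.height - p.blockSize.height) % p.blockStride.height != 0)
        return fail("winSize - blockSize must be a multiple of blockStride");
    return true;
}

// Safe entry point: returns 0 and a reason instead of trapping.
std::size_t descriptorSize(const HogParams& p, std::string* why) {
    if (!validHogParams(p, why)) return 0;
    if (why) why->clear();
    return descriptorSizeUnchecked(p);
}

int main() {
    std::string why;
    HogParams p = defaultHogParams();
    std::printf("default geometry: %zu\n", descriptorSize(p, &why));
    p.cellSize = {0, 0};  // constructed malformed input
    std::printf("zero cellSize: %zu (%s)\n", descriptorSize(p, &why), why.c_str());
    return 0;
}
```

The reason the fixed library reports an exception rather than crashing is exactly this ordering: the emptiness assertion runs in `read()` before any of the arithmetic that would otherwise divide by the zero it just rejected.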

Thomas Backlund 2020-01-11 23:16:24 CET

Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs

Comment 13 Mageia Robot 2020-01-12 00:53:33 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0030.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED