RedHat has issued an advisory today (January 28):
https://access.redhat.com/errata/RHSA-2020:0262

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Patched packages uploaded by Nicolas.

Advisory:
========================

Updated openjpeg2 packages fix security vulnerability:

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so (CVE-2020-6851).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6851
https://access.redhat.com/errata/RHSA-2020:0262
========================

Updated packages in core/updates_testing:
========================
openjpeg2-2.3.1-1.2.mga7
libopenjp2_7-2.3.1-1.2.mga7
libopenjpeg2-devel-2.3.1-1.2.mga7

from openjpeg2-2.3.1-1.2.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero
Version: Cauldron => 7
Assignee: nicolas.salguero => qa-bugs
Mageia7, x86_64

CVE-2020-6851
PoC available.
https://github.com/uclouvain/openjpeg/issues/1228

$ opj_decompress -i openjpeg_poc.jp2 -o image_verification.png
[INFO] Start to read j2k main header (1277).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 33 has been read.
free(): invalid pointer
Aborted (core dumped)

That is expected. Continuing this tomorrow.
CC: (none) => tarazed25
Updated the packages.

$ opj_decompress -i openjpeg_poc.jp2 -o image_verification.png
[INFO] Start to read j2k main header (1277).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[ERROR] Image coordinates above INT_MAX are not supported
ERROR -> opj_decompress: failed to set the decoded area

Looks like it has been caught.

Used the image utilities to transform some files.

$ opj_compress -i piuva.ppm -o piuva.jp2
[INFO] tile number 1 / 1
[INFO] Generated outfile piuva.jp2
encode time: 52 ms

<The jp2 image displayed correctly>

$ opj_dump -i piuva.jp2
[INFO] Start to read j2k main header (85).
[INFO] Main header has been correctly decoded.
Image info {
x0=0, y0=0
x1=320, y1=340
[...]
type=0xff64, pos=171, len=39
}
}

No luck trying to convert local PNG files to openjpeg format although PNG is supposed to be supported. We should probably ignore this because maybe only certain PNG formats are supported. Some already have built-in compression which would be flagged in the image header. That is an unknown anyway.

$ opj_compress -i GlenShiel.pnm -o glenshiel.j2k
[INFO] tile number 1 / 1
[INFO] Generated outfile glenshiel.j2k
encode time: 1187 ms

$ opj_compress -i ikapati.ppm -o ikapati.jp2
[INFO] tile number 1 / 1
[INFO] Generated outfile ikapati.jp2
encode time: 207 ms

$ opj_compress -i barbara.bmp -o barbara.j2k
[INFO] tile number 1 / 1
[INFO] Generated outfile barbara.j2k
encode time: 48 ms

`gm display` and `display` show the output images fine but none of the popular image browsers tried have caught up with open jpeg yet.

This looks good for 64-bits.
Whiteboard: (none) => MGA7-64-OK
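
The before/after PoC runs in the comments above can be told apart mechanically: an abort shows up as an exit status above 128, a clean rejection as an ordinary non-zero exit. The script below is an added example, not part of the original thread or of OpenJPEG; `classify_run`, `check_file` and `demo` are hypothetical helper names, and the exit status 1 used for the patched build in the constructed sample is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): triage one opj_decompress run on a test file.
# classify_run, check_file and demo are hypothetical helper names.

# classify_run STATUS LOG -> prints one verdict line
classify_run() {
    cr_status=$1
    cr_log=$2
    if [ "$cr_status" -gt 128 ]; then
        # The shell reports a child killed by signal N as 128+N
        # (134 = SIGABRT, the "Aborted" seen before the update).
        echo "CRASH signal=$((cr_status - 128))"
    elif printf '%s\n' "$cr_log" |
         grep -Eq 'free\(\): invalid|double free or corruption|malloc\(\): '; then
        # glibc heap-consistency diagnostics, in case a wrapper hid the status.
        echo "CRASH heap-diagnostic"
    elif [ "$cr_status" -ne 0 ]; then
        # Non-zero exit without a signal: the decoder refused the input itself.
        echo "REJECTED"
    else
        echo "DECODED"
    fi
}

# check_file INPUT OUTPUT -> runs the real decoder and classifies the result
check_file() {
    # ulimit -c 0 avoids leaving a core file behind from an unpatched build.
    cf_log=$( (ulimit -c 0; opj_decompress -i "$1" -o "$2") 2>&1 ) \
        && cf_status=0 || cf_status=$?
    classify_run "$cf_status" "$cf_log"
}

# Constructed samples modelled on the two runs quoted in the thread.
# The exit status 1 for the patched build is an assumption.
demo() {
    classify_run 134 'free(): invalid pointer'
    classify_run 1 '[ERROR] Image coordinates above INT_MAX are not supported'
}

# With two arguments, test a real file; otherwise show the constructed samples.
if [ "$#" -eq 2 ]; then check_file "$1" "$2"; else demo; fi
```
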
Sorry, omitted decompress tests in comment 3.

$ opj_decompress -i ikapati.jp2 -o ikapati.bmp
[INFO] Start to read j2k main header (85).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
[INFO] Stream reached its end !
[INFO] Generated Outfile ikapati.bmp
decode time: 105 ms

$ opj_decompress -i piuva.jp2 -o piuva2.pnm
[INFO] Start to read j2k main header (85).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1 has been read.
[INFO] Stream reached its end !
[INFO] Generated Outfile piuva2.pnm
decode time: 30 ms

There are many modifiers for both compress and decompress, which have not been tested.
Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Created attachment 11492
Shortlist of dependent applications
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0071.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED