Debian-LTS has issued an advisory on January 31: https://www.debian.org/lts/security/2020/dla-2089 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Suggested advisory: ======================== The updated packages fix a security vulnerability: opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. (CVE-2020-8112) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8112 https://www.debian.org/lts/security/2020/dla-2089 ======================== Updated packages in core/updates_testing: ======================== openjpeg2-2.3.1-1.3.mga7 lib(64)openjp2_7-2.3.1-1.3.mga7 lib(64)openjpeg2-devel-2.3.1-1.3.mga7 from SRPMS: openjpeg2-2.3.1-1.3.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugsWhiteboard: MGA7TOO => (none)Status: NEW => ASSIGNEDCVE: (none) => CVE-2020-8112Version: Cauldron => 7
Mageia7, x86_64 CVE-2020-8112 https://github.com/uclouvain/openjpeg/issues/1231 $ opj_decompress -i openjpeg_poc2 -o verification.pgm =========================================== The extension of this file is incorrect. FOUND poc2. SHOULD BE .jp2 =========================================== [INFO] Start to read j2k main header (884). [INFO] Main header has been correctly decoded. [INFO] No decoded area parameters, set the decoded area to the whole image [INFO] Header of tile 1 / 1 has been read. Segmentation fault (core dumped) Updated the three packages and tried the PoC. $ opj_decompress -i openjpeg_poc2 -o verification.pgm =========================================== The extension of this file is incorrect. FOUND poc2. SHOULD BE .jp2 =========================================== [INFO] Start to read j2k main header (884). [INFO] Main header has been correctly decoded. [INFO] No decoded area parameters, set the decoded area to the whole image [ERROR] Integer overflow [ERROR] Cannot decode tile, memory error [ERROR] Failed to decode the codestream in the JP2 file ERROR -> opj_decompress: failed to decode image! That seems to have trapped the problem - the heap buffer overflow seems to have triggered an integer overflow. Shall assume that this is within the range of expected outcomes. Ran a quick series of tests on images following the procedure in https://bugs.mageia.org/show_bug.cgi?id=26141 No regressions encountered.
CC: (none) => tarazed25Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0074.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED