Debian-LTS has issued an advisory on June 13:
https://www.debian.org/lts/security/2020/dla-2249

Mageia 7 is also affected.
Ubuntu has issued an advisory for this on June 16: https://usn.ubuntu.com/4396-1/
Whiteboard: (none) => MGA7TOO
This has no regular maintainer, so assigning it globally. But CC'ing both Nicolas' who have committed it recently.
CC: (none) => mageia, nicolas.salguero
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. (CVE-2020-0198)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0198
https://www.debian.org/lts/security/2020/dla-2249
https://usn.ubuntu.com/4396-1/
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.22-1.1.mga7
lib(64)exif12-0.6.22-1.1.mga7
lib(64)exif-devel-0.6.22-1.1.mga7

from SRPMS:
libexif-0.6.22-1.1.mga7.src.rpm
CVE: (none) => CVE-2020-0198
Version: Cauldron => 7
Status: NEW => ASSIGNED
Whiteboard: MGA7TOO => (none)
Assignee: pkg-bugs => qa-bugs
mga7, x86_64

No PoC listed for CVE-2020-0198.
Working with JPEG and raw RAF format images before update.

Updated libexif12-common

To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Updates Testing (distrib5)")
  lib64exif-devel                0.6.22       1.1.mga7      x86_64
  lib64exif12                    0.6.22       1.1.mga7      x86_64
  libexif12-common               0.6.22       1.1.mga7      x86_64

RAW .RAF files rely on JPEG compression.

$ exif RAW_FUJI_S5PRO_V106.RAF
EXIF tags in 'RAW_FUJI_S5PRO_V106.RAF' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Manufacturer        |FUJIFILM
Model               |FinePix S5Pro
Orientation         |Top-left
X-Resolution        |72
Y-Resolution        |72
Resolution Unit     |Inch
Software            |Digital Camera FinePix S5Pro Ver1.06
Date and Time       |2007:05:27 13:55:17
[...]
Gamma               |2.2
GPS Tag Version     |2.2.0.0
Interoperability Ind|R03
Interoperability Ver|0100
--------------------+----------------------------------------------------------
EXIF data contains a thumbnail (9330 bytes).

$ exif GlenShiel.jpg
EXIF tags in 'GlenShiel.jpg' ('Intel' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Manufacturer        |Panasonic
Model               |DMC-FZ28
Orientation         |Top-left
X-Resolution        |180
Y-Resolution        |180
...

$ exif glenShiel.j2k
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.

$ exif GlenShiel.tif
Corrupt data
The data provided does not follow the specification.
ExifLoader: The data supplied does not seem to contain EXIF data.

Those messages are expected.

ristretto is an application which uses libexif.
Browsed an image folder:

$ strace -o astro.trace ristretto /data/astro
$ grep exif astro.trace
openat(AT_FDCWD, "/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libexif.so.12.3.4", O_RDONLY) = 3
openat(AT_FDCWD, "/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/libexif-12.mo", O_RDONLY) = -1 ENOENT (No such file or directory)

$ strace -o exif.trace darktable LairigGhru_4.jpg
$ grep libexif exif.trace
openat(AT_FDCWD, "/lib64/libexif.so.12", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libexif.so.12.3.4", O_RDONLY) = 3

Good enough.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25
Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0273.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
*** Bug 27561 has been marked as a duplicate of this bug. ***
(In reply to David Walser from comment #7)
> *** Bug 27561 has been marked as a duplicate of this bug. ***

This update also fixed CVE-2020-0181, and CVE-2020-0182 was fixed in 0.6.22.
Status: RESOLVED => UNCONFIRMED
Ever confirmed: 1 => 0
Resolution: FIXED => (none)
Status of this bug report?
CC: (none) => ouaurelien
Whiteboard: MGA7-64-OK => (none)
Keywords: advisory, validated_update => NEEDINFO
Keywords: NEEDINFO => feedback
Whiteboard: (none) => MGA7-64-OK
Keywords: feedback => advisory, validated_update
I have no idea why marking a duplicate re-opened this bug.
Status: UNCONFIRMED => RESOLVED
Resolution: (none) => FIXED