Bug 27922 - pngcheck new security issue rhbz#1902806 (CVE-2020-35511)
Summary: pngcheck new security issue rhbz#1902806 (CVE-2020-35511)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
 
Reported: 2020-12-24 16:44 CET by David Walser
Modified: 2022-10-06 14:57 CEST
Source RPM: pngcheck-2.3.0-4.1.mga7.src.rpm

Description David Walser 2020-12-24 16:44:24 CET
Fedora has issued an advisory on December 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JII3RE2ULIVFVHUICD6G6VSJHJGEZBX7/

Mageia 7 is also affected.
David Walser 2020-12-24 16:44:41 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Lécureuil 2020-12-25 22:37:24 CET
Cauldron does not seem to be affected:

"pngcheck versions 2.4.0 and earlier have a number of buffer-overrun bugs, most (but not all) of which are related to the -f option ("force continued parsing after major errors"). As such, the option has been removed altogether in version 3.0.0 (which is the reason for the major-version bump), released on 12 December 2020. All known vulnerabilities are fixed in this version, but the code is pretty crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk. "

CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2020-12-25 22:41:12 CET
new version in mga7:

src:
    pngcheck-3.0.0-1.mga7

Assignee: zen25000 => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 3 David Walser 2020-12-26 16:49:35 CET
Advisory:
========================

Updated pngcheck package fixes security vulnerabilities:

Multiple buffer overflow flaws were found in pngcheck 2.4.0 and older
(rhbz#1902806).

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JII3RE2ULIVFVHUICD6G6VSJHJGEZBX7/
========================

Updated packages in core/updates_testing:
========================
pngcheck-3.0.0-1.mga7

from pngcheck-3.0.0-1.mga7.src.rpm
Comment 4 Len Lawrence 2020-12-28 12:04:01 CET
mga7, x64

Ran pngcheck without arguments on a collection of 80 PNG images, most of which passed.  There were a few with errors, all of this sort:
Tatiana.png  illegal (unless recently approved) unknown, public chunk eXIf
ERROR: Tatiana.png

Updated the package.

Ran the previous test:
$ pngcheck *.png
OK: audio.png (48x48, 32-bit RGB+alpha, non-interlaced, 53.7%).
OK: bg.png (512x400, 32-bit RGB+alpha, non-interlaced, 83.8%).
OK: bugz.png (566x357, 24-bit RGB, non-interlaced, 94.4%).
[...]
OK: xa4.png (512x512, 8-bit grayscale, non-interlaced, 38.9%).

No errors were detected in 80 of the 80 files tested.

$ pngcheck -p OrphanBlack.png
File: OrphanBlack.png (959909 bytes)
OK: OrphanBlack.png (1080x761, 24-bit RGB, non-interlaced, 61.1%).
$ pngcheck -t loch.png
File: loch.png (3259663 bytes)
JPEG-Quality:
    75
JPEG-Colorspace:
    2
JPEG-Colorspace-Name:
    RGB
JPEG-Sampling-factors:
    2x2,1x1,1x1
EXIF:Orientation:
    1
OK: loch.png (2000x1500, 24-bit RGB, non-interlaced, 63.8%).

Good enough.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25

Comment 5 Thomas Andrews 2020-12-28 22:07:18 CET
Validating. Advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Aurelien Oudelet 2020-12-29 11:04:20 CET
Advisory pushed to SVN.

Keywords: (none) => advisory
CC: (none) => ouaurelien

Comment 7 Mageia Robot 2020-12-29 12:58:51 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0479.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 8 David Walser 2022-10-06 14:57:50 CEST
This is CVE-2020-35511:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4HVZNA3VAYHKC5NXBYOOMUZSZNOXRCF7/

Summary: pngcheck new security issue rhbz#1902806 => pngcheck new security issue rhbz#1902806 (CVE-2020-35511)

