Ubuntu has issued an advisory on September 26: https://ubuntu.com/security/notices/USN-7037-1
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2023-39327
Status comment: (none) => Patch available from Ubuntu
Source RPM: (none) => openjpeg2-2.5.2-1.mga10.src.rpm, openjpeg2-2.5.0-1.mga9.src.rpm
This patch link is more administrative: https://github.com/uclouvain/openjpeg/pull/1547
This one looks to be the patch: https://github.com/uclouvain/openjpeg/commit/c58bc128b4f770e7c89bc8ba3d0273b9a3904aad
Assigning globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal. (CVE-2023-39327)

References:
https://ubuntu.com/security/notices/USN-7037-1
========================

Updated packages in core/updates_testing:
========================
lib(64)openjp2_7-2.5.0-1.1.mga9
lib(64)openjpeg2-devel-2.5.0-1.1.mga9
openjpeg2-2.5.0-1.1.mga9

from SRPM:
openjpeg2-2.5.0-1.1.mga9.src.rpm
Source RPM: openjpeg2-2.5.2-1.mga10.src.rpm, openjpeg2-2.5.0-1.mga9.src.rpm => openjpeg2-2.5.0-1.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Status comment: Patch available from Ubuntu => (none)
Version: Cauldron => 9
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Keywords: (none) => advisory
RH x86_64

LC_ALL=C urpmi --auto --auto-update
adding 3 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (64-bit)"
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Nonfree 32bit Updates (distrib37)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing lib64openjp2_7-2.5.0-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: lib64openjp2_7 ##################################################################################################
1/1: removing lib64openjp2_7-2.5.0-1.mga9.x86_64 ##################################################################################################

LC_ALL=C urpmi openjpeg2
installing openjpeg2-2.5.0-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: openjpeg2 ##################################################################################################

I did not test the PoC before the update.

opj_decompress -i bigloop -o te.raw
===========================================
The extension of this file is incorrect.
FOUND loop. SHOULD BE .j2k or .jpc or .j2c or .jhc
===========================================
[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1041 has been read.
[WARNING] Not enough space for expected SOP marker
[ERROR] Not enough space for required EPH marker
[ERROR] Failed to decode.
[ERROR] Failed to decode tile 1/1041
ERROR -> opj_decompress: failed to decode image!

Looks good to me
RH x86_64

strace chromium-browser contains
openat(AT_FDCWD, "/lib64/libopenjp2.so.7", O_RDONLY|O_CLOEXEC) = 3

Tested with chromium-browser from bug#33443
Tried the PoC before updating, to back up katnatek's test.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39327
Points to these links:
https://github.com/uclouvain/openjpeg/issues/1472
https://github.com/pic4xiu/pocRep/blob/main/bigloop

$ opj_decompress -i bigloop -o te.raw > dumpfile
===========================================
The extension of this file is incorrect.
FOUND loop. SHOULD BE .j2k or .jpc or .j2c or .jhc
===========================================
....
^C
$ ll dumpfile
-rw-r--r-- 1 lcl lcl 23167369216 Oct 2 18:01 dumpfile
$ head dumpfile
[INFO] Start to read j2k main header (0).
[INFO] Main header has been correctly decoded.
[INFO] No decoded area parameters, set the decoded area to the whole image
[INFO] Header of tile 1 / 1041 has been read.
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
[WARNING] Not enough space for expected SOP marker
[WARNING] Not enough space for expected EPH marker
...endless
CC: (none) => tarazed25
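Added example, not part of the bug report: a bounded form of the before/after check done by hand in the two test comments above, so a regression run cannot fill the disk or need a manual ^C. The function name check_bounded, the script name, the 20-second limit and the 1 MiB output cap are assumptions; it relies on timeout and head from coreutils.

```shell
#!/bin/sh
# Usage (script name is hypothetical):
#   sh check_bounded.sh opj_decompress -i bigloop -o te.raw
# Assumed defaults, overridable from the environment.
LIMIT_SECS=${LIMIT_SECS:-20}      # wall-clock limit for the decoder
CAP_BYTES=${CAP_BYTES:-1048576}   # maximum captured stdout+stderr

# check_bounded CMD [ARGS...]
# Prints one verdict line; returns 0 if the command ended on its own with
# bounded output, 1 on an output flood or a timeout. A non-zero decoder exit
# still passes: a fixed decoder is expected to reject the malformed file.
check_bounded() {
    log=$(mktemp) || return 2
    rcfile=$(mktemp) || return 2
    # head stops reading at the cap, so the log cannot grow without limit;
    # the writer then dies on the closed pipe or is killed by timeout.
    { rc=0; timeout "$LIMIT_SECS" "$@" 2>&1 || rc=$?; echo "$rc" > "$rcfile"; } |
        head -c "$CAP_BYTES" > "$log"
    size=$(wc -c < "$log" | tr -d ' ')
    warns=$(grep -c '^\[WARNING\]' "$log" || true)
    rc=$(cat "$rcfile")
    rm -f "$log" "$rcfile"
    if [ "$size" -ge "$CAP_BYTES" ]; then
        echo "FAIL flood: output hit ${CAP_BYTES}-byte cap, ${warns} warnings captured"
        return 1
    elif [ "$rc" = 124 ]; then   # GNU timeout exits 124 when the limit expires
        echo "FAIL timeout: still running after ${LIMIT_SECS}s"
        return 1
    fi
    echo "PASS bounded: exit=${rc} bytes=${size} warnings=${warns}"
}

# Run the check when a command line is given; do nothing when sourced bare.
[ "$#" -eq 0 ] || check_bounded "$@"
```

The flood test comes first because a looping decoder normally reaches the output cap long before the time limit.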
Thank you Len
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0323.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED