Mageia Bugzilla – Bug 6758
openjpeg new security issue CVE-2012-3358
Last modified: 2012-07-14 01:08:38 CEST
RedHat has issued an advisory today (July 11): https://rhn.redhat.com/errata/RHSA-2012-1068.html Link to the upstream commit to fix in the RedHat bug: https://bugzilla.redhat.com/show_bug.cgi?id=835767 Mageia 1 and 2 are also affected.
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated openjpeg packages fix security vulnerability: An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-3358). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358 https://rhn.redhat.com/errata/RHSA-2012-1068.html ======================== Updated packages in core/updates_testing: ======================== libopenjpeg2-1.3-7.1.mga1 libopenjpeg-devel-1.3-7.1.mga1 openjpeg-1.5.0-1.3.mga2 libopenjpeg1-1.5.0-1.3.mga2 libopenjpeg-devel-1.5.0-1.3.mga2 from SRPMS: openjpeg-1.3-7.1.mga1.src.rpm openjpeg-1.5.0-1.3.mga2.src.rpm
If I got everything right, this was fixed in the same commit as this bug: https://bugs.mageia.org/show_bug.cgi?id=6624 But I guess we didn't apply both patches previously? See http://code.google.com/p/openjpeg/source/detail?r=1703 for details, http://code.google.com/p/openjpeg/issues/detail?id=62 for a PoC for this bug. Could anybody check I'm not missing something here? I'm not sure how exactly (or if) this is related to https://bugs.mageia.org/show_bug.cgi?id=6624. Also, the SRPM version of one of the packages here (openjpeg-1.3-7.1.mga1.src.rpm) is identical to the one used here: https://bugs.mageia.org/show_bug.cgi?id=6624 Is this correct?
CVE-2009-5030 from the previous update was fixed in revision 1703. CVE-2012-3358 for this update was fixed in revision 1727: https://bugzilla.redhat.com/show_bug.cgi?id=835767 I did forget to bump the subrel for the Mageia 1 update, thanks for catching. Update for Mageia 1 rebuilt. Advisory: ======================== Updated openjpeg packages fix security vulnerability: An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted image file that, when decoded using an application linked against OpenJPEG, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-3358). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358 https://rhn.redhat.com/errata/RHSA-2012-1068.html ======================== Updated packages in core/updates_testing: ======================== libopenjpeg2-1.3-7.2.mga1 libopenjpeg-devel-1.3-7.2.mga1 openjpeg-1.5.0-1.3.mga2 libopenjpeg1-1.5.0-1.3.mga2 libopenjpeg-devel-1.5.0-1.3.mga2 from SRPMS: openjpeg-1.3-7.2.mga1.src.rpm openjpeg-1.5.0-1.3.mga2.src.rpm
There doesn't seem to be a PoC for this one so just testing it still works with the same procedure as bug 6624
Testing complete mga2 64
Testing complete mga1 64
Testing complete mga1 32
Testing complete mga2 32
Validating, thanks malo Please see comment 3 for advisory and srpms for mga1 and 2 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0166