Univention Bugzilla – Bug 51714
libexif: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:47 CEST
New Debian libexif 0.6.21-2+deb9u4 fixes:

This update addresses the following issues:
* Integer overflow in parsing MNOTE entry data of the input file (CVE-2016-6328)
* Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
* Input validation issue resulting in a denial of service (CVE-2018-20030)
* out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)
* out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)
* integer overflow in exif_data_load_data_content function in exif-data.c (CVE-2020-0198)
* divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)
* several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)
* use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)
* unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time for decoding EXIF data (CVE-2020-13114)
--- mirror/ftp/4.4/unmaintained/4.4-4/source/libexif_0.6.21-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libexif_0.6.21-2+deb9u4.dsc 
@@ -1,3 +1,40 @@ +0.6.21-2+deb9u4 [Wed, 24 Jun 2020 23:25:22 +1000] Hugh McMaster <hugh.mcmaster@outlook.com>: + + * Add upstream patches to fix two security issues: + - Fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182). + - Fix an unsigned integer overflow in libexif/exif-data.c (CVE-2020-0198) + (Closes: #962345). + +0.6.21-2+deb9u3 [Mon, 25 May 2020 21:28:10 +1000] Hugh McMaster <hugh.mcmaster@outlook.com>: + + * Add upstream patches to fix multiple security issues: + - cve-2020-13112.patch: Fix MakerNote tag size overflow issues at + read time (CVE-2020-13112) (Closes: #961407). + - cve-2020-13113.patch: Ensure MakerNote data pointers are + NULL-initialized (CVE-2020-13113) (Closes: #961409). + - cve-2020-13114.patch: Add a failsafe on the maximum number of + Canon MakerNote subtags to catch extremely large values in tags + (CVE-2020-13114) (Closes: #961410). + +0.6.21-2+deb9u2 [Thu, 21 May 2020 11:22:40 +0200] Mike Gabriel <sunweaver@debian.org>: + + [ Mike Gabriel ] + * Sponsored upload. + * debian/patches: trivial rebasing of several patches. + + [ Hugh McMaster ] + * Team upload. + * Add upstream patches to fix multiple security issues: + - cve-2016-6328.patch: Fix an integer overflow while parsing the MNOTE + entry data of the input file (CVE-2016-6328) (Closes: #873022). + - cve-2017-7544.patch: Fix an out-of-bounds heap read in the function + exif_data_save_data_entry() (CVE-2017-7544) (Closes: #876466). + - cve-2018-20030.patch: Improve deep recursion detection in the function + exif_data_load_data_content() (CVE-2018-20030) (Closes: #918730). + - cve-2020-12767.patch: Prevent some possible division-by-zero errors + in exif_entry_get_value() (CVE-2020-12767) (Closes: #960199). + - cve-2020-0093.patch: Prevent read buffer overflow (CVE-2020-0093). + 0.6.21-2+deb9u1 [Sat, 01 Feb 2020 21:54:38 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-5/#555202617153888112>
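Review bot: the cve-2020-0093.patch line in the 0.6.21-2+deb9u2 entry and the CVE-2020-0182 item in the 0.6.21-2+deb9u4 entry carry no "Closes:" bug number of their own, unlike the other fixes in these entries, so those two cannot be traced to a Debian bug from the changelog alone. The deb9u4 entry also leaves out the patch file names that deb9u2 and deb9u3 give in the cve-*.patch form; naming them would let the erratum be checked against debian/patches item by item.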
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 314a160e5a Bug #51714: libexif 0.6.21-2+deb9u4
 doc/errata/staging/libexif.yaml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

[4.4-5] a5fd818740 Bug #51714: libexif 0.6.21-2+deb9u4
 doc/errata/staging/libexif.yaml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x663>