Bug 47530 - exiv2: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
All Linux
: P3 normal (vote)
: UCS 4.2-4-errata
Assigned To: Quality Assurance
Philipp Hahn
Depends on:
Blocks:
 
Reported: 2018-08-09 10:18 CEST by Quality Assurance
Modified: 2018-08-15 16:20 CEST
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)


Description Quality Assurance univentionstaff 2018-08-09 10:18:09 CEST
New Debian exiv2 0.24-4.1+deb8u1 fixes:
This update addresses the following issue(s):
* 
CVE_2017-9239 is open
CVE_2017-11591 is open
CVE_2017-11683 is open
CVE_2017-14859 is open
CVE_2017-14862 is open
CVE_2017-14864 is open
CVE_2017-17669 is open
CVE_2017-17723 is open
CVE_2017-17725 is open
CVE_2017-18005 is open
CVE_2017-1000128 is open
CVE_2018-8976 is open
CVE_2018-9144 is open
CVE_2018-9145 is undetermined
CVE_2018-10780 is undetermined
* In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. (CVE-2018-10958)
* An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call. (CVE-2018-10998)
* An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read. (CVE-2018-10999)
CVE_2018-11037 is open
* Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. (CVE-2018-11531)
* Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. (CVE-2018-12264)
* Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. (CVE-2018-12265)
CVE_2018-14338 is open

0.24-4.1+deb8u1 (Wed, 27 Jun 2018 08:09:34 -0400)
* Non-maintainer upload by the LTS Security Team.
* CVE-2018-10958: denial of service through memory exhaustion and application crash by a crafted PNG image.
* CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
* CVE-2018-10998: denial of service through memory exhaustion and application crash by a crafted image.
* CVE-2018-11531: a heap-based buffer overflow and application crash by a crafted image.
* CVE-2018-12264: integer overflow leading to out of bounds read by a
* CVE-2018-12265: integer overflow leading to out of bounds read by a
* CVE-2018-10958 exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)
* CVE-2018-10998 exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)
* CVE-2018-10999 exiv2: heap-based buffer over-read in parseTXTChunk function (CVE-2018-10999)
* CVE-2018-11531 exiv2: heap-based buffer overflow in getData in preview.cpp (CVE-2018-11531)
* CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)
* CVE-2018-12265 exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)
Comment 1 Quality Assurance univentionstaff 2018-08-09 18:44:19 CEST
--- mirror/ftp/4.2/unmaintained/4.2-0/source/exiv2_0.24-4.1.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/exiv2_0.24-4.1+deb8u1.dsc
@@ -1,3 +1,18 @@
+0.24-4.1+deb8u1 [Wed, 27 Jun 2018 08:09:34 -0400] Roberto C. Sanchez <roberto@debian.org>:
+
+  * Non-maintainer upload by the LTS Security Team.
+  * CVE-2018-10958: denial of service through memory exhaustion and
+    application crash by a crafted PNG image.
+  * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
+  * CVE-2018-10998: denial of service through memory exhaustion and
+    application crash by a crafted image.
+  * CVE-2018-11531: a heap-based buffer overflow and application crash by a
+    crafted image.
+  * CVE-2018-12264: integer overflow leading to out of bounds read by a
+    crafted image. (Closes: #901707)
+  * CVE-2018-12265: integer overflow leading to out of bounds read by a
+    crafted image. (Closes: #901706)
+
 0.24-4.1 [Wed, 07 Jan 2015 20:25:48 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload.
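
Review bot: in the added 0.24-4.1+deb8u1 entry, only CVE-2018-12264 and CVE-2018-12265 carry a Debian bug reference (Closes: #901707 and #901706); the lines for CVE-2018-10958, CVE-2018-10999, CVE-2018-10998 and CVE-2018-11531 have none, so those four fixes cannot be traced to a report from the changelog alone. The entry names exactly these six IDs, so the errata YAML should list only them and should not claim any of the CVEs the description still marks "is open" or "undetermined" (for example CVE-2017-9239 or CVE-2018-14338).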

<http://10.200.17.11/4.2-4/#557510456599570449>
Comment 2 Philipp Hahn univentionstaff 2018-08-10 11:14:04 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] 8c23d8b96e Bug #47530: exiv2 0.24-4.1+deb8u1
 doc/errata/staging/exiv2.yaml | 42 +++++++++---------------------------------
 1 file changed, 9 insertions(+), 33 deletions(-)

[4.2-4] c58d64ad6a Bug #47530: exiv2 0.24-4.1+deb8u1
 doc/errata/staging/exiv2.yaml | 48 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-15 16:20:08 CEST
<http://errata.software-univention.de/ucs/4.2/447.html>