CVE-2017-17725 (https://nvd.nist.gov/vuln/detail/CVE-2017-17725): In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference.
Backport pending upstream: https://github.com/Exiv2/exiv2/pull/232
merged upstream thanks to Andreas.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc8557a38b42c16b34728619c94d0c89476251a
commit 1dc8557a38b42c16b34728619c94d0c89476251a
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-04-25 17:40:31 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-04-25 17:53:27 +0000
    media-gfx/exiv2: Add 0.26_p20180319 snapshot
    Fixing CVE-2017-17669, CVE-2017-17725, CVE-2017-18005, CVE-2018-4868
    Bug: https://bugs.gentoo.org/626214
    Bug: https://bugs.gentoo.org/643554
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
 media-gfx/exiv2/Manifest | 1 +
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 136 ++++++
 .../exiv2-0.26_p20180319-CVE-2017-18005.patch | 484 +++++++++++++++++++++
 .../files/exiv2-0.26_p20180319-CVE-2018-4868.patch | 39 ++
 4 files changed, 660 insertions(+)
Arches, please stabilise.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a81a58941df3666319fcd943f43b205fb3c58d9
commit 0a81a58941df3666319fcd943f43b205fb3c58d9
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-29 19:11:37 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-29 19:41:40 +0000
    media-gfx/exiv2: stable 0.26_p20180319 for sparc
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 stable
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73e1be3de9849a18e97057c9ab092f4078808dc0
commit 73e1be3de9849a18e97057c9ab092f4078808dc0
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-01 07:44:48 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-01 08:07:04 +0000
    media-gfx/exiv2: stable 0.26_p20180319 for ia64, bug #647808
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fbdeb1f6f84e8a375a850426038ff227a9b280
commit 06fbdeb1f6f84e8a375a850426038ff227a9b280
Author: Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-11 22:56:24 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-11 22:56:24 +0000
    media-gfx/exiv2: stable 0.26_p20180319 for ppc, bug #647808
    Bug: https://bugs.gentoo.org/647808
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"
 media-gfx/exiv2/exiv2-0.26_p20180319.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Stable on alpha.
arm stable
ppc64 stable, hppa is not supported, please, cleanup.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40c32e8333488b1965fa1de32d97a7403786ab0b
commit 40c32e8333488b1965fa1de32d97a7403786ab0b
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-05-29 12:13:07 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-05-29 12:31:09 +0000
    media-gfx/exiv2: Drop 0.26_p20171104 (security cleanup)
    Bug: https://bugs.gentoo.org/647808
    Bug: https://bugs.gentoo.org/640978
    Bug: https://bugs.gentoo.org/643554
    Closes: https://bugs.gentoo.org/626214
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
 media-gfx/exiv2/Manifest | 1 -
 media-gfx/exiv2/exiv2-0.26_p20171104.ebuild | 128 ----------------------------
 2 files changed, 129 deletions(-)