Bug 654376 (CVE-2018-10528, CVE-2018-10529)

Summary: <media-libs/libraw-0.18.11: multiple vulnerabilities
Product: Gentoo Security
Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: graphics+disabled
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/LibRaw/LibRaw/issues/144
Whiteboard: B3 [noglsa cve]
Package list: media-libs/libraw-0.18.11
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2018-04-29 21:36:06 UTC
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528):
An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
https://github.com/LibRaw/LibRaw/issues/144

(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529):
An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
https://github.com/LibRaw/LibRaw/issues/144

Upstream states "[fix]To be reflected in Changelog on 0.18.10 release"
Comment 1 D'juan McDonald (domhnall) 2018-05-11 03:17:22 UTC
Update:

LibRaw 0.18.11 (update: was 0.18.3...0.18.10)
https://www.libraw.org/news/libraw-0-18-11
Comment 2 Larry the Git Cow gentoo-dev 2018-05-22 14:32:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60f04b5bbe482a9bfa026b7c1d49df2e13ee3ff4

commit 60f04b5bbe482a9bfa026b7c1d49df2e13ee3ff4
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-05-22 14:16:30 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-05-22 14:32:22 +0000

    media-libs/libraw: Bump to version 0.18.11
    
    Bug: https://bugs.gentoo.org/654376
    Closes: https://bugs.gentoo.org/655144
    Package-Manager: Portage-2.3.38, Repoman-2.3.9

 media-libs/libraw/Manifest              |  1 +
 media-libs/libraw/libraw-0.18.11.ebuild | 66 +++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-05-22 14:49:15 UTC
Arches, go ahead.
Comment 4 Larry the Git Cow gentoo-dev 2018-05-23 10:04:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dfc7b064706870f676e1f69642d77e668ed6e4d

commit 0dfc7b064706870f676e1f69642d77e668ed6e4d
Author:     Agostino Sarubbo <ago@gentoo.org>
AuthorDate: 2018-05-23 10:04:36 +0000
Commit:     Agostino Sarubbo <ago@gentoo.org>
CommitDate: 2018-05-23 10:04:36 +0000

    media-libs/libraw: amd64 stable wrt bug #654376
    
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="amd64"
    Committed-with: The-Ultimate-Committer-0.1

 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Agostino Sarubbo gentoo-dev 2018-05-23 10:05:08 UTC
amd64 stable
Comment 6 Larry the Git Cow gentoo-dev 2018-05-23 19:03:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ce45ea1c6a29ad3cf1c1bc186b3d41797397a9d

commit 8ce45ea1c6a29ad3cf1c1bc186b3d41797397a9d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-23 19:03:38 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-23 19:03:48 +0000

    media-libs/libraw: stable 0.18.11 for ia64, bug #654376
    
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-26 00:00:47 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2018-05-29 04:41:32 UTC
arm stable
Comment 9 Tobias Klausmann (RETIRED) gentoo-dev 2018-06-21 07:28:55 UTC
Stable on alpha.
Comment 10 Larry the Git Cow gentoo-dev 2018-07-15 10:25:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f4476a4804dae2a2e7efa271dec893ea3e6f12d

commit 7f4476a4804dae2a2e7efa271dec893ea3e6f12d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-15 10:00:34 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-15 10:24:32 +0000

    media-libs/libraw: stable 0.18.11 for ppc, bug #654376
    
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c2784981bd15f85aad3a7de4accadcb58cf786

commit 30c2784981bd15f85aad3a7de4accadcb58cf786
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-15 09:51:19 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-15 10:24:28 +0000

    media-libs/libraw: stable 0.18.11 for ppc64, bug #654376
    
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 11 Larry the Git Cow gentoo-dev 2018-09-15 02:31:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11672b476e8d21c6485b89119a9179d899ccbaab

commit 11672b476e8d21c6485b89119a9179d899ccbaab
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-14 18:50:24 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-15 02:30:29 +0000

    media-libs/libraw: Security cleanup
    
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 media-libs/libraw/Manifest                         |  4 --
 .../libraw/files/libraw-0.18.4-glibc-2.27.patch    | 14 -----
 media-libs/libraw/libraw-0.18.4.ebuild             | 67 ----------------------
 media-libs/libraw/libraw-0.18.8.ebuild             | 63 --------------------
 4 files changed, 148 deletions(-)
Comment 12 Andreas Sturmlechner gentoo-dev 2018-09-30 16:59:47 UTC
ping sec.
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2018-11-24 22:26:24 UTC
tree is clean