Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 658624 (CVE-2018-1152, CVE-2018-11813) - <media-libs/libjpeg-turbo-1.5.3-r2: multiple vulnerabilities (CVE-2018-{1152,11813})
Summary: <media-libs/libjpeg-turbo-1.5.3-r2: multiple vulnerabilities (CVE-2018-{1152,...
Status: RESOLVED FIXED
Alias: CVE-2018-1152, CVE-2018-11813
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/libjpeg-turbo/libj...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-21 05:30 UTC by Florian Schuhmacher
Modified: 2019-07-31 23:30 UTC (History)
2 users (show)

See Also:
Package list:
media-libs/libjpeg-turbo-1.5.3-r2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Schuhmacher 2018-06-21 05:30:02 UTC
libjpeg-turbo through version 1.5.90 is vulnerable to a divide by zero flaw in the rdbmp.c:start_input_bmp() function. An attacker could exploit this to cause a denial of service via crafted BMP image.

Gentoo Security Scout
Florian Schuhmacher
Comment 1 Larry the Git Cow gentoo-dev 2018-06-21 13:45:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9

commit a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-06-21 13:40:08 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-06-21 13:45:31 +0000

    media-libs/libjpeg-turbo: Revbump to fix division by zero.
    
    Bug: https://bugs.gentoo.org/658624
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libjpeg-turbo-1.5.3-divzero_fix.patch    |  18 ++++
 .../files/libjpeg-turbo-1.5.90-divzero_fix.patch   |  41 +++++++
 .../libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild    | 120 +++++++++++++++++++++
 ....5.90.ebuild => libjpeg-turbo-1.5.90-r1.ebuild} |   8 +-
 4 files changed, 185 insertions(+), 2 deletions(-)
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2018-06-21 13:47:11 UTC
I suggest to stabilize =media-libs/libjpeg-turbo-1.5.3-r1
Comment 3 Larry the Git Cow gentoo-dev 2018-08-16 11:02:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee

commit 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author:     Jason Zaman <perfinion@gentoo.org>
AuthorDate: 2018-08-16 11:01:30 +0000
Commit:     Jason Zaman <perfinion@gentoo.org>
CommitDate: 2018-08-16 11:02:03 +0000

    media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
    
    libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
    
    https://nvd.nist.gov/vuln/detail/CVE-2018-11813
    
    Bug: https://bugs.gentoo.org/658624
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++++++++++++++++++++++
 ...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} |  1 +
 2 files changed, 46 insertions(+)
Comment 4 Jason Zaman gentoo-dev 2018-08-16 11:07:11 UTC
I backported another patch and updated to -r2. Can someone check if more things in the bug need updating
Comment 5 Jason Zaman gentoo-dev 2018-08-16 12:48:14 UTC
amd64 stable
Comment 6 Mart Raudsepp gentoo-dev 2018-08-16 13:37:52 UTC
arm64 stable
Comment 7 Rolf Eike Beer 2018-08-16 20:18:00 UTC
sparc done.
Comment 8 Thomas Deutschmann gentoo-dev Security 2018-08-18 22:34:41 UTC
x86 stable
Comment 9 Sergei Trofimovich gentoo-dev 2018-08-18 22:47:50 UTC
ia64 stable
Comment 10 Sergei Trofimovich gentoo-dev 2018-08-18 22:51:03 UTC
ppc stable
Comment 11 Sergei Trofimovich gentoo-dev 2018-08-21 19:43:26 UTC
ppc64 stable
Comment 12 Markus Meier gentoo-dev 2018-08-21 20:14:27 UTC
arm stable
Comment 13 Markus Meier gentoo-dev 2018-08-21 20:21:02 UTC
not yet stabilized for arm, sorry for the noise.
Comment 14 Markus Meier gentoo-dev 2018-08-22 04:56:03 UTC
arm stable
Comment 15 Matt Turner gentoo-dev 2018-09-12 03:57:07 UTC
alpha stable. all archs stable
Comment 16 Sergei Trofimovich gentoo-dev 2018-10-06 22:31:23 UTC
hppa stable
Comment 17 Lars Wendler (Polynomial-C) gentoo-dev 2019-07-31 12:13:36 UTC
Security cleanup:

commit 1ee86697389926cb234fcac5f250cfba1fc289f5
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Thu Feb 28 11:42:45 2019

    media-libs/libjpeg-turbo: Removed old.

    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 18 Thomas Deutschmann gentoo-dev Security 2019-07-31 23:30:33 UTC
All done, repository is clean.

GLSA Vote: No!