CVE-2020-0181: "In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." CVE-2020-0198: "In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation." CVE-2020-0452: "In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation." Fedora's patches: https://src.fedoraproject.org/rpms/libexif/c/49ff63ac9aaff59aba793760540355817e2b3987?branch=master Both CVE-2020-0181 and CVE-2020-0198 are fixed together upstream by: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c CVE-2020-0452 is fixed by: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a59b09f96fe636adc1fa857c1fa7d52d6c6f28b commit 2a59b09f96fe636adc1fa857c1fa7d52d6c6f28b Author: Sam James <sam@gentoo.org> AuthorDate: 2020-11-15 09:24:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-15 09:24:24 +0000 media-libs/libexif: security bump to 20201105 snapshot Bug: https://bugs.gentoo.org/754681 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libexif/Manifest | 1 + media-libs/libexif/libexif-0.6.22_p20201105.ebuild | 55 ++++++++++++++++++++++ 2 files changed, 56 insertions(+)
Unable to check for sanity: > no match for package: media-libs/libexif-20201105
>>> Configuring source in /tmp/portage/media-libs/libexif-0.6.22_p20201105/work/libexif-9266d14b5ca4e29b970fa03272318e5f99386e06 ... * abi_x86_32.x86: running multilib-minimal_abi_src_configure * ERROR: media-libs/libexif-0.6.22_p20201105::gentoo failed (configure phase): * no configure script found * * Call stack: * ebuild.sh, line 125: Called src_configure * environment, line 1633: Called multilib-minimal_src_configure * environment, line 1085: Called multilib_foreach_abi 'multilib-minimal_abi_src_configure' * environment, line 1338: Called multibuild_foreach_variant '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure' * environment, line 1015: Called _multibuild_run '_multilib_multibuild_wrapper' 'multilib-minimal_abi_src_configure' * environment, line 1013: Called _multilib_multibuild_wrapper 'multilib-minimal_abi_src_configure' * environment, line 400: Called multilib-minimal_abi_src_configure * environment, line 1079: Called multilib_src_configure *
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4487f6ef155fc063b80ca2c6fa56f02d1436d11b commit 4487f6ef155fc063b80ca2c6fa56f02d1436d11b Author: Sam James <sam@gentoo.org> AuthorDate: 2020-11-15 10:41:37 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-11-15 10:41:37 +0000 media-libs/libexif: fix multilib build Bug: https://bugs.gentoo.org/754681 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> media-libs/libexif/libexif-0.6.22_p20201105.ebuild | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)
(In reply to Ivan Grynko from comment #3) > >>> Configuring source in /tmp/portage/media-libs/libexif-0.6.22_p20201105/work/libexif-9266d14b5ca4e29b970fa03272318e5f99386e06 ... > * abi_x86_32.x86: running multilib-minimal_abi_src_configure > * ERROR: media-libs/libexif-0.6.22_p20201105::gentoo failed (configure > phase): > * no configure script found Thanks to both you and josef64!
amd64 done
arm64 done
arm done
This issue was resolved and addressed in GLSA 202011-19 at https://security.gentoo.org/glsa/202011-19 by GLSA coordinator Aaron Bauman (b-man).
re-opened for final arches and cleanup.
sparc done
ppc done
ppc64 stable
x86 done
hppa stable
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4b670bf10be44aa2a4108c8e0bb79662aa2421c commit f4b670bf10be44aa2a4108c8e0bb79662aa2421c Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-12-27 08:51:06 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-12-27 09:29:03 +0000 media-libs/libexif: security cleanup (drop <0.6.22_p20201105) Bug: https://bugs.gentoo.org/754681 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/18828 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/libexif/Manifest | 1 - media-libs/libexif/libexif-0.6.22.ebuild | 49 -------------------------------- 2 files changed, 50 deletions(-)
Tree is clean, all done!