FS#58393 - [libraw] arbitrary code execution (CVE-2018-10528)

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Sunday, 29 April 2018, 15:38 GMT
Last edited by Antonio Rojas (arojas) - Thursday, 03 May 2018, 06:46 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Antonio Rojas (arojas)
Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

Hi,

The package libraw is vulnerable to arbitrary code execution via CVE-2018-10528.

Guidance
========

Since a new version has not been released with the fix yet, we should probably consider backporting the patches to our package. However two patches have been issued for master ([2] and [3]) and the 0.19 (unreleased) branch ([4] and [5]) but only one for the 0.18 branch ([6]), so it might be some work to backport the second one if it is relevant to the 0.18 branch.

References
==========

[0]: https://security.archlinux.org/AVG-681
[1]: https://github.com/LibRaw/LibRaw/issues/144
[2]: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
[3]: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
[4]: https://github.com/LibRaw/LibRaw/commit/6b08eae24034789b3543a1b66dd6af9c20230029
[5]: https://github.com/LibRaw/LibRaw/commit/6f89e5505b1759b788f15cd14d0958b262b82f97
[6]: https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3
This task depends upon

Closed by  Antonio Rojas (arojas)
Thursday, 03 May 2018, 06:46 GMT
Reason for closing:  Fixed
Additional comments about closing:  libraw 0.18.10
Comment by Remi Gacogne (rgacogne) - Sunday, 29 April 2018, 15:59 GMT
Note that the upstream bug report actually covers two issues, CVE-2018-10528 and CVE-2018-10529. The first one can probably lead to remote code execution and is fixed by [2], [5] and [6] depending on the branch, the second one is a DoS or possibly information disclosure and is fixed by [3] and [4].

Loading...