Bug 1853478
Summary: | CVE-2020-15503 LibRaw: lack of thumbnail size range check can lead to buffer overflow [fedora-all] | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi>
Component: | LibRaw | Assignee: | Gwyn Ciesla <gwync>
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | 32 | CC: | debarshir, dingyichen, gwync, hobbes1069, siddharth.kde, siddhesh
Target Milestone: | --- | Keywords: | Reopened, Security, SecurityTracking
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | LibRaw-0.19.5-3.fc32 LibRaw-0.19.5-3.fc31 LibRaw-0.19.5-4.fc32 LibRaw-0.19.5-4.fc31 | Doc Type: | No Doc Update
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2020-08-18 01:10:15 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 1853477 | |

Description
Guilherme de Almeida Suckevicz
2020-07-02 18:57:28 UTC
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=====
# bugfix, security, enhancement, newpackage (required)
type=security
# low, medium, high, urgent (required)
severity=medium
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1853477,1853478
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stable
close_bugs=True
# Suggest that users restart after update
suggest_reboot=False
======

Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new

Fixed in Rawhide, does not apply to <=f32

Does apply to f32 and f31.

FEDORA-2020-f421eea477 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-f421eea477

FEDORA-2020-f407db0e65 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-f407db0e65` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-f407db0e65 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2020-f421eea477 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-f421eea477` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-f421eea477 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2020-f421eea477 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2020-f407db0e65 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.

Reopening. The patch was included, but didn't actually get applied.

FEDORA-2020-ed284fd64b has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-ed284fd64b

FEDORA-2020-c6fa12cfb1 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-c6fa12cfb1

FEDORA-2020-c6fa12cfb1 has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-c6fa12cfb1` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-c6fa12cfb1 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2020-ed284fd64b has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-ed284fd64b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-ed284fd64b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2020-ed284fd64b has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2020-c6fa12cfb1 has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.