[Bug 1144316] New: VUL-1: CVE-2019-1010301: jhead: Stack buffer overflow in gpsinfo.c when running jhead
http://bugzilla.suse.com/show_bug.cgi?id=1144316 Bug ID: 1144316 Summary: VUL-1: CVE-2019-1010301: jhead: Stack buffer overflow in gpsinfo.c when running jhead Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: sbrabec@suse.com Reporter: atoptsoglou@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- CVE-2019-1010301 jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. References https://bugzilla.redhat.com/show_bug.cgi?id=1679952 https://nvd.nist.gov/vuln/detail/CVE-2019-1010301 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010301.html -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144316 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144316 Alexandros Toptsoglou <atoptsoglou@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|Leap 15.0 |Leap 15.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c1 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pgajdos@suse.com --- Comment #1 from Petr Gajdos <pgajdos@suse.com> --- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010301 https://bugzilla.redhat.com/show_bug.cgi?id=167995 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1838251 https://salsa.debian.org/debian/jhead/commit/bf330c777cc911b9f8509ffec745895... It is fixed in TW/jhead-3.06.0.1. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c2 --- Comment #2 from Petr Gajdos <pgajdos@suse.com> --- Fixed in 15.2 by version update to 3.06.0.1 . Let me know whether a submission in Backports is needed. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c3 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|sbrabec@suse.com |security-team@suse.de --- Comment #3 from Petr Gajdos <pgajdos@suse.com> --- Submitted into 15.2/jhead. I believe all fixed. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c5 --- Comment #5 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2021:0743-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1144316,1144354,1160544,1160547 CVE References: CVE-2016-3822,CVE-2018-16554,CVE-2018-17088,CVE-2018-6612,CVE-2019-1010301,CVE-2019-1010302,CVE-2020-6624,CVE-2020-6625,CVE-2021-3496 JIRA References: Sources used: openSUSE Leap 15.2 (src): jhead-3.06.0.1-lp152.7.6.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2021:0752-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1144316,1144354,1160544,1160547 CVE References: CVE-2016-3822,CVE-2018-16554,CVE-2018-17088,CVE-2018-6612,CVE-2019-1010301,CVE-2019-1010302,CVE-2020-6624,CVE-2020-6625,CVE-2021-3496 JIRA References: Sources used: openSUSE Backports SLE-15-SP2 (src): jhead-3.06.0.1-bp152.4.6.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c7 Kristyna Streitova <kstreitova@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |kstreitova@suse.com Resolution|--- |FIXED --- Comment #7 from Kristyna Streitova <kstreitova@suse.com> --- Backports received the update from Leap 15.2. All is fixed so closing. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144316 https://bugzilla.suse.com/show_bug.cgi?id=1144316#c8 Kristyna Streitova <kstreitova@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #8 from Kristyna Streitova <kstreitova@suse.com> --- Reassigning to the security team -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com