[Bug 1144354] New: VUL-1: CVE-2019-1010302: jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service
http://bugzilla.suse.com/show_bug.cgi?id=1144354 Bug ID: 1144354 Summary: VUL-1: CVE-2019-1010302: jhead: incorrect access control in iptc.c Line 122 show_IPTC() causing denial of service Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: sbrabec@suse.com Reporter: atoptsoglou@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- CVE-2019-1010302 jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file. References http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010302 https://bugzilla.redhat.com/show_bug.cgi?id=1679978 https://bugzilla.redhat.com/show_bug.cgi?id=1735703 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1010302.html -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144354 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1144354 Alexandros Toptsoglou <atoptsoglou@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|Leap 15.0 |Leap 15.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144354 https://bugzilla.suse.com/show_bug.cgi?id=1144354#c1 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pgajdos@suse.com --- Comment #1 from Petr Gajdos <pgajdos@suse.com> --- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010302 https://bugzilla.redhat.com/show_bug.cgi?id=1679978 https://lists.debian.org/debian-lts-announce/2019/12/msg00037.html https://salsa.debian.org/debian/jhead/commit/a2727e82c2a8c5a51a1a7f2a90380b3... It is fixed in TW/jhead-3.06.0.1. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144354 https://bugzilla.suse.com/show_bug.cgi?id=1144354#c2 --- Comment #2 from Petr Gajdos <pgajdos@suse.com> --- Fixed in 15.2 by version update to 3.06.0.1 . Let me know whether a submission in Backports is needed. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144354 https://bugzilla.suse.com/show_bug.cgi?id=1144354#c3 Petr Gajdos <pgajdos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|sbrabec@suse.com |security-team@suse.de --- Comment #3 from Petr Gajdos <pgajdos@suse.com> --- Submitted into 15.2/jhead. I believe all fixed. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144354 https://bugzilla.suse.com/show_bug.cgi?id=1144354#c5 --- Comment #5 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2021:0743-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1144316,1144354,1160544,1160547 CVE References: CVE-2016-3822,CVE-2018-16554,CVE-2018-17088,CVE-2018-6612,CVE-2019-1010301,CVE-2019-1010302,CVE-2020-6624,CVE-2020-6625,CVE-2021-3496 JIRA References: Sources used: openSUSE Leap 15.2 (src): jhead-3.06.0.1-lp152.7.6.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1144354 https://bugzilla.suse.com/show_bug.cgi?id=1144354#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2021:0752-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1144316,1144354,1160544,1160547 CVE References: CVE-2016-3822,CVE-2018-16554,CVE-2018-17088,CVE-2018-6612,CVE-2019-1010301,CVE-2019-1010302,CVE-2020-6624,CVE-2020-6625,CVE-2021-3496 JIRA References: Sources used: openSUSE Backports SLE-15-SP2 (src): jhead-3.06.0.1-bp152.4.6.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com