Security Advisory Details

NS-SA-2019-0229

2019-12-27 14:15:31

Summary

moderate: python/exiv2 security update

Severity

moderate

Topic

An update for python/exiv2 is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

python: This package contains runtime libraries for use by Python:
  • the libpython dynamic library, for use by applications that embed Python as a scripting language, and by the main "python" executable
  • the Python standard library

exiv2: A command line utility to access image metadata, allowing one to:
  • print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag
  • print the Iptc metadata of Jpeg images
  • print the Jpeg comment of Jpeg images
  • set, add and delete Exif and Iptc metadata of Jpeg images
  • adjust the Exif timestamp (that's how it all started...)
  • rename Exif image files according to the Exif timestamp
  • extract, insert and delete Exif metadata (including thumbnails), Iptc metadata and Jpeg comments


Security Fix(es):
python: A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if the application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.(CVE-2019-5010)
python: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)
python: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)
python: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)
python: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM.(CVE-2018-14647)
python: bugfix
exiv2: An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image.(CVE-2018-9305)
exiv2: An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory.(CVE-2017-17724)
exiv2: An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.(CVE-2018-17282)
exiv2: There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.(CVE-2018-18915)
exiv2: ffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.(CVE-2018-17581)
exiv2: In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.(CVE-2018-19107)
exiv2: In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.(CVE-2018-19108)
exiv2: In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.(CVE-2018-19535)
exiv2: isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.(CVE-2018-19607)
exiv2: There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.(CVE-2018-20097)
exiv2: There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.(CVE-2018-20099)
exiv2: Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.(CVE-2018-12264)
exiv2: Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.(CVE-2018-12265)
exiv2: In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.(CVE-2018-10958)
exiv2: An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.(CVE-2018-10998)
exiv2: The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.(CVE-2018-10772)
exiv2: In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.(CVE-2018-8976)
exiv2: In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.(CVE-2018-8977)
exiv2: Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.(CVE-2018-14046)
exiv2: In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file.(CVE-2018-11037)
exiv2: There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.(CVE-2018-20096)
exiv2: There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.(CVE-2018-20098)
exiv2: An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.(CVE-2018-10999)
exiv2: bugfix
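
For the three urllib issues above (CVE-2019-9948, CVE-2019-9740, CVE-2019-9947), an application-side check that complements the package update: allow-list the URL scheme instead of blacklisting file:, and reject control characters before the URL reaches urlopen. This is an added example, not code from the advisory or from Python itself; the function names, the allowed-scheme set and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the application only ever needs to fetch web URLs.
ALLOWED_SCHEMES = frozenset({"http", "https"})


class UnsafeURL(ValueError):
    """Raised when a URL must not be handed to urlopen()."""


def naive_blacklist_ok(url):
    """Weak pattern that CVE-2019-9948 defeats: deny-list only 'file:'."""
    return not url.lower().startswith("file:")


def check_outbound_url(url, allowed_schemes=ALLOWED_SCHEMES):
    """Return the URL unchanged if it is safe to fetch, else raise UnsafeURL."""
    # CVE-2019-9740 / CVE-2019-9947: CR, LF or any other control character
    # (or a space) in the path or query can end up in the request line.
    # Check the raw string, because URL parsers may strip some of them.
    for ch in url:
        if ord(ch) <= 0x20 or ord(ch) == 0x7F:
            raise UnsafeURL("control character or whitespace %r in URL" % ch)
    parts = urlsplit(url)
    # CVE-2019-9948: an allow-list rejects local_file: and any other
    # scheme alias without having to know each one by name.
    if parts.scheme.lower() not in allowed_schemes:
        raise UnsafeURL("scheme %r is not allow-listed" % parts.scheme)
    if not parts.hostname:
        raise UnsafeURL("URL has no host")
    return url


# Constructed sample inputs: (url, expected verdict)
SAMPLES = [
    ("https://example.com/status?id=7", True),
    ("local_file:///etc/passwd", False),                 # scheme alias
    ("http://example.com/?q=1\r\nX-Added: 1", False),    # CRLF in query
    ("http://example.com/a\r\nX-Added: 1", False),       # CRLF in path
]


def classify(urls):
    """Return True/False per URL according to check_outbound_url()."""
    verdicts = []
    for url in urls:
        try:
            check_outbound_url(url)
            verdicts.append(True)
        except UnsafeURL:
            verdicts.append(False)
    return verdicts
```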


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.

Affected Components

  • python
  • exiv2

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

Source: python-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.src.rpm
  • python-libs-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-debug-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-debuginfo-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-devel-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-test-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • python-tools-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm
  • tkinter-2.7.5-86.el7.cgslv5_5.0.1.gb73d78f.x86_64.rpm

Source: exiv2-0.27.0-2.el7_6.src.rpm
  • exiv2-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-devel-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-doc-0.27.0-2.el7_6.noarch.rpm
  • exiv2-libs-0.27.0-2.el7_6.x86_64.rpm

CGSL CORE 5.05

Source: python-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.src.rpm
  • python-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-test-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-tools-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-libs-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • tkinter-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-debug-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-debuginfo-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm
  • python-devel-2.7.5-86.el7.cgslv5_5.0.1.g224a68e.lite.x86_64.rpm

Source: exiv2-0.27.0-2.el7_6.src.rpm
  • exiv2-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-debuginfo-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-devel-0.27.0-2.el7_6.x86_64.rpm
  • exiv2-doc-0.27.0-2.el7_6.noarch.rpm
  • exiv2-libs-0.27.0-2.el7_6.x86_64.rpm

CVE

References