Back to bug 30108
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| luigiwalser | 2022-03-02 20:52:25 CET | Status comment | Patches available from Fedora | |
| | | CC | nicolas.salguero | |
| | | Whiteboard | MGA8TOO | |
| nicolas.salguero | 2022-03-02 21:42:05 CET | Assignee | bugsquad | qa-bugs |
| | | Status comment | Patches available from Fedora | |
| | | Status | NEW | ASSIGNED |
| | | Version | Cauldron | 8 |
| | | Source RPM | libtiff-4.3.0-2.mga9.src.rpm | libtiff-4.2.0-1.1.mga8.src.rpm |
| | | Whiteboard | MGA8TOO | |
| | | CVE | CVE-2022-0561, CVE-2022-0562 | |
| tarazed25 | 2022-03-03 12:35:59 CET | Whiteboard | mga8, x64 Before updating: Same PoC for both CVEs. CVE-2022-056{1,2} https://gitlab.com/libtiff/libtiff/-/issues/362 $ tiffinfo -f lsb2msb -Dcdjrsz crash.tif TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order. TIFFReadDirectory: Warning, Unknown field with tag 18770 (0x4952) encountered. TIFFFetchNormalTag: Warning, Incorrect count for "PhotometricInterpretation"; tag ignored. TIFFFetchNormalTag: Warning, Incorrect value for "DateTime"; tag ignored. TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples.. TIFFReadDirectory: Warning, TIFF directory is missing required "StripByteCounts" field, calculating from imagelength. EstimateStripByteCounts: Cannot determine size of unknown tag type 10825. Ran the test after updating the four packages and saw the same result. Cannot read much into that though because the PoC is meant to be run within a particular ASAN framework. This confirms an earlier thought that there is little point in QA running pocs, which so often these days need to be tested in a similar environment to the one which exposed the vulnerabilities. Ran the usual image tests, with tiffgt to display TIFF images and ImageMagick otherwise. See bugs 22799, .... 29976. No regressions noted but the tifftopnm command has disappeared; likewise pnmtotiff. $ tiff2pdf boats.tif > boats.pdf $ strace -o boats.trace okular boats.pdf $ grep libtiff boats.trace openat(AT_FDCWD, "/lib64/libtiff.so.5", O_RDONLY\|O_CLOEXEC) = 20 This looks fine but it is bound to come back again. | |
| | | CC | tarazed25 | |
| tarazed25 | 2022-03-03 12:41:16 CET | Whiteboard | mga8, x64 Before updating: Same PoC for both CVEs. CVE-2022-056{1,2} https://gitlab.com/libtiff/libtiff/-/issues/362 $ tiffinfo -f lsb2msb -Dcdjrsz crash.tif TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order. TIFFReadDirectory: Warning, Unknown field with tag 18770 (0x4952) encountered. TIFFFetchNormalTag: Warning, Incorrect count for "PhotometricInterpretation"; tag ignored. TIFFFetchNormalTag: Warning, Incorrect value for "DateTime"; tag ignored. TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples.. TIFFReadDirectory: Warning, TIFF directory is missing required "StripByteCounts" field, calculating from imagelength. EstimateStripByteCounts: Cannot determine size of unknown tag type 10825. Ran the test after updating the four packages and saw the same result. Cannot read much into that though because the PoC is meant to be run within a particular ASAN framework. This confirms an earlier thought that there is little point in QA running pocs, which so often these days need to be tested in a similar environment to the one which exposed the vulnerabilities. Ran the usual image tests, with tiffgt to display TIFF images and ImageMagick otherwise. See bugs 22799, .... 29976. No regressions noted but the tifftopnm command has disappeared; likewise pnmtotiff. $ tiff2pdf boats.tif > boats.pdf $ strace -o boats.trace okular boats.pdf $ grep libtiff boats.trace openat(AT_FDCWD, "/lib64/libtiff.so.5", O_RDONLY\|O_CLOEXEC) = 20 This looks fine but it is bound to come back again. | MGA8-64-OK |
| andrewsfarm | 2022-03-03 21:35:33 CET | CC | andrewsfarm, sysadmin-bugs | |
| | | Keywords | validated_update | |
| davidwhodgins | 2022-03-06 01:58:19 CET | CC | davidwhodgins | |
| | | Keywords | advisory | |
| bot | 2022-03-06 11:41:32 CET | Resolution | --- | FIXED |
| | | Status | ASSIGNED | RESOLVED |