Bug 24393

Summary: libtiff new security issue CVE-2019-7663
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: davidwhodgins, herman.viaene, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-32-OK
Source RPM: libtiff-4.0.10-1.git20190202.1.mga6.src.rpm CVE: CVE-2019-7663
Status comment:

Comment 1 Nicolas Salguero 2019-02-21 09:24:06 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. (CVE-2019-7663)

The invertImage() function in tiffcrop.c:9206 allows remote attackers to cause a denial of service (heap buffer overflow) via invert color space.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
http://bugzilla.maptools.org/show_bug.cgi?id=2831
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLLVSXFUKP2QSOFI6RRTYD737HBS7UGT/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.10-1.git20190219.1.mga6
lib(64)tiff5-4.0.10-1.git20190219.1.mga6
lib(64)tiff-devel-4.0.10-1.git20190219.1.mga6
lib(64)tiff-static-devel-4.0.10-1.git20190219.1.mga6

from SRPMS:
libtiff-4.0.10-1.git20190219.1.mga6.src.rpm

Severity: major => critical
Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-7663
Assignee: nicolas.salguero => qa-bugs

Comment 2 Herman Viaene 2019-02-21 17:57:59 CET 
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Tried some commands as per bug 24053 Comment 10 with a set of own tif files of different origins (digital camera or scanner or converted from jpg wih GIMP.
$ tiff2bw 001.tif 001bw.tif
001.tif: Bad samples/pixel 4.
Same as in previous update.
$ tiff2pdf -o 001tif.pdf 001.tif
produces a file with a picture with a quite distinct pinkish cast, but otherwise views OK in atril.
$ tiffdither gray1.tif gray1dit.tif
produces a heavily dithered image. Seems OK.
$ tiffgt rietkleur004.tif 
displays the picture decently.
$ tiffinfo rietkleur004.tif 
TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples..
TIFF Directory at offset 0x1a51b08 (27597576)
  Image Width: 2144 Image Length: 3218
  Bits/Sample: 8
  Compression Scheme: None
  Photometric Interpretation: RGB color
  Samples/Pixel: 4
  Planar Configuration: single image plane
Seems OK$ tiffmedian rietkleur007.tif riklmed007.tif
TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples..
produces an akward color picture with only a few week but quite different colors. I guess that's what I asked for.

Seems good to go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK

Dave Hodgins 2019-02-21 20:42:55 CET

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 3 Mageia Robot 2019-02-22 01:36:53 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0101.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED