| Summary: | libtiff security update CVE-2019-17546 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie.ryushu> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, luigiwalser, nicolas.salguero, sysadmin-bugs, tarazed25, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://linuxsecurity.com/advisories/deblts/debian-lts-dla-2009-1-tiff-security-update-17-24-54 | | |
| Whiteboard: | MGA7-64-OK | | |
| Source RPM: | libtiff-4.0.10-6.git20190508.1.mga7.src.rpm | CVE: | CVE-2019-17546 |
| Status comment: | | | |

Description
Zombie Ryushu
2019-11-28 13:48:04 CET
Jani Välimaa
2019-11-28 15:38:32 CET
QA Contact: (none) => security

Hi,

CVE-2017-17095 was fixed in bug 22120.

CVE-2018-12900 was fixed in bug 24053.

CVE-2018-18661 was fixed in bug 23788.

CVE-2019-6128 was fixed in bug 24343.

CVE-2019-17546 is not fixed yet.

Best regards,

Nico.

Source RPM: libtiff => libtiff-4.0.10-6.git20190508.1.mga7.src.rpm

Suggested advisory:

========================

The updated packages fix a security vulnerability:

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. (CVE-2019-17546)

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

https://linuxsecurity.com/advisories/deblts/debian-lts-dla-2009-1-tiff-security-update-17-24-54

========================

Updated packages in core/updates_testing:

========================

libtiff-progs-4.1.0-2.git20191120.1.mga7

lib(64)tiff5-4.1.0-2.git20191120.1.mga7

lib(64)tiff-devel-4.1.0-2.git20191120.1.mga7

lib(64)tiff-static-devel-4.1.0-2.git20191120.1.mga7

from SRPMS:

libtiff-4.1.0-2.git20191120.1.mga7.src.rpm

Assignee: nicolas.salguero => qa-bugs

Just changing to the actual advisory link in the references.

Suggested advisory:

========================

The updated packages fix a security vulnerability:

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition (CVE-2019-17546).

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546

https://www.debian.org/lts/security/2019/dla-2009

Mageia7, x86_64

CVE-2019-17456

The clusterfuzz testcase referred to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 cannot be used because it requires a testing framework to be set up locally. Outside QA's remit.

List of tools, excluding fax:

pal2rgb ppm2tiff raw2tiff rgb2cbcr thumbnail tiff2bw tiff2pdf tiff2ps tiff2rgba tiffcmp tiffcp tiffcrop tiffdither tiffdump tiffinfo tiffmedian tiffset tiffsplit

```
$ ppm2tiff ikapati.ppm ikapati.tif
$ tiffgt ikapati.tif
```

Displays the converted image.

```
$ tiff2bw anna.tiff AnnaPopplewell_grey.tif
$ tiffdither -r 4 -c packbits -t 64 jessica_grey.tif jessica_dither.tif
$ tiffmedian -r 4 -C 128 -f TatianaMaslany.tif Tatiana.tif
$ tiffgt Tatiana.tif
```

Leads to a few patches of grey on a coloured image. 8 rows with 256 colours gives slightly better results.

```
$ tiffcp glenshiel.tiff scottishglen.tif
$ tiffcp glenshiel.tiff scottishglen.tif
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
$ tiffcmp glenshiel.tif scottishglen.tif
Compression: 8 7
$ ppm2tiff jessica.ppm jess.tif
$ tiffgt jess.tif
$ tiffdump SantaMaria.tif > dump.txt
$ less dump.txt
SantaMaria.tif:
Magic: 0x4949 <little-endian> Version: 0x2a <ClassicTIFF>
Directory 0: offset 1971016 (0x1e1348) next 0 (0)
ImageWidth (256) SHORT (3) 1<1638>
ImageLength (257) SHORT (3) 1<1410>
BitsPerSample (258) SHORT (3) 3<8 8 8>
[...]
YResolution (283) RATIONAL (5) 1<495.063>
PlanarConfig (284) SHORT (3) 1<1>
ResolutionUnit (296) SHORT (3) 1<2>
PageNumber (297) SHORT (3) 2<0 1>
Predictor (317) SHORT (3) 1<2>
Whitepoint (318) RATIONAL (5) 2<0.3127 0.329>
PrimaryChromaticities (319) RATIONAL (5) 6<0.64 0.33 0.3 0.6 0.15 0.06>
BadFaxLines (326) LONG (4) 1<2707030018>
$ tiff2ps -O macbeth.ps macbethcolourscan.tif
lcl@difda:images $ gs macbeth.ps
GPL Ghostscript 9.27 (2019-04-04)
.....
<displayed colour chart OK>
$ tiff2pdf -o crater.pdf SantaMaria.tif
```

That showed fine in okular.

This should be enough to show that everything is working. The success of tiffgt is to be noted in comparison with earlier bug tests.

Whiteboard: (none) => MGA7-64-OK

Thanks, Len. Validating. Corrected advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund
2019-12-06 14:24:20 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0366.html

Status: ASSIGNED => RESOLVED

This update also fixed CVE-2019-14973:
http://lists.suse.com/pipermail/sle-security-updates/2019-November/006177.html

(In reply to David Walser from comment #8)
> This update also fixed CVE-2019-14973:
> http://lists.suse.com/pipermail/sle-security-updates/2019-November/006177.html

Another reference:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/

This update also fixed CVE-2020-19131, CVE-2020-19144:
https://www.debian.org/lts/security/2021/dla-2777