| Summary: | libtiff new security issues CVE-2022-0865, CVE-2022-0891, CVE-2022-090[89], CVE-2022-0924 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | libtiff-4.2.0-1.2.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2022-03-26 17:11:00 CET
David Walser
2022-03-26 17:11:21 CET
Status comment:
(none) =>
Patches available from upstream and Debian Suggested advisory: ======================== The updated packages fix security vulnerabilities: Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0865) A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-0891) Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. (CVE-2022-0908) Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0909) Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-0924) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924 https://www.debian.org/security/2022/dsa-5108 ======================== Updated packages in core/updates_testing: ======================== lib(64)tiff5-4.2.0-1.3.mga8 lib(64)tiff-devel-4.2.0-1.3.mga8 lib(64)tiff-static-devel-4.2.0-1.3.mga8 libtiff-progs-4.2.0-1.3.mga8 from SRPM: libtiff-4.2.0-1.3.mga8.src.rpm Whiteboard:
MGA8TOO =>
(none)
Nicolas Salguero
2022-03-26 22:04:01 CET
Source RPM:
libtiff-4.3.0-3.mga9.src.rpm =>
libtiff-4.2.0-1.2.mga8.src.rpm i5-2500, Intel graphics, MGA8-64 Plasma system. No installation issues. It just so happens that I just finished testing a graphicsmagick update, and urpmq indicates that uses lib64tiff5, so I used some of the commands found on https://wiki.mageia.org/en/QA_procedure:GraphicsMagick to test this. I was able to convert a jpg image to tiff, though it complained about a "tag" being illegal for the codec. (normal. that happened with another image when testing graphicsmagick with the old lib64tiff5) I was able to display the image, flip it, and convert it to a png. All looks OK. Validating. Advisory in Comment 1. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Dave Hodgins
2022-03-28 16:00:30 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0119.html Resolution:
(none) =>
FIXED This update also fixed CVE-2022-1056, according to: https://bugs.mageia.org/show_bug.cgi?id=30440#c1 |