Bug 30716

Summary: libtiff new security issue CVE-2022-34526
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, mageia, sysadmin-bugs, tarazed25
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: libtiff-4.4.0-2.mga9.src.rpm CVE:
Status comment:

Description David Walser 2022-08-06 15:35:39 CEST 
Fedora has issued an advisory today (August 6):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FC6LWPAEKYJ57LSHX4SBFMLRMLOZTHIJ/

Mageia 8 is also affected.
David Walser 2022-08-06 15:35:52 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patch available from Fedora

Comment 1 Nicolas Lécureuil 2022-08-08 13:39:51 CEST 
fixed in mga8/9

src:
    libtiff-4.2.0-1.7.mga8

Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status comment: Patch available from Fedora => (none)
CC: (none) => mageia

Comment 2 David Walser 2022-08-08 15:53:18 CEST 
libtiff-devel-4.2.0-1.7.mga8
libtiff-static-devel-4.2.0-1.7.mga8
libtiff-progs-4.2.0-1.7.mga8
libtiff5-4.2.0-1.7.mga8

from libtiff-4.2.0-1.7.mga8.src.rpm
Comment 3 Len Lawrence 2022-08-11 19:08:51 CEST 
mga8, x64
Clean update.
Referred to bug 30228 for testing.
Played about with a TIFF image in darktable under strace and verified that libtiff5 was being accessed.
$ grep tiff darktable.trace | grep libopenat(AT_FDCWD, "/lib64/libtiff.so.5", O_RDONLY|O_CLOEXEC) = 3
stat("/usr/lib64/darktable/plugins/imageio/format/libtiff.so", {st_mode=S_IFREG|0755, st_size=28056, ...}) = 0
openat(AT_FDCWD, "/usr/lib64/darktable/plugins/imageio/format/libtiff.so", O_RDONLY|O_CLOEXEC) = 27
....

okular displays TIFF format files fine.

Tried conversion from a RAW image as in an earlier test.
$ raw2tiff -w 2864 'KODAK C603 C643 Format 420 CCDI0001.RAW' test_update.tiff
Image height is not specified.
Height is guessed as 2152.
$ tiffgt test_update.tiff
This displayed a greyscale image overlaid with a check pattern as before.  Note that rawtherapee displays a coloured image.
Tried some of the tools:
tiffgt works properly with several TIFF images.
$ tiffdump PIA20966.tif > tiffdump
$ less tiffdump
PIA20966.tif:
Magic: 0x4949 <little-endian> Version: 0x2a <ClassicTIFF>
Directory 0: offset 1048584 (0x100008) next 0 (0)
ImageWidth (256) SHORT (3) 1<1024>
ImageLength (257) SHORT (3) 1<1024>
BitsPerSample (258) SHORT (3) 1<8>
C.....

$ tiffsplit greycombo.tif split
$ ls split*
splitaaa.tif  splitaab.tif  splitaac.tif  splitaad.tif

The individual images looked exactly the same as the original single frames.
$ tifftopnm lena_color.tiff > lena.pnm
tifftopnm: writing PPM file
$ tiffcrop -E top -U px -m 100,100,100,100 SantaMaria.tif cropped.tif
_TIFFVGetField: cropped.tif: Invalid tag "BadFaxLines" (not supported by codec).
_TIFFVGetField: cropped.tif: Invalid tag "BadFaxLines" (not supported by codec).

No regression.
$ tiffgt cropped.tif
displayed the new image, the original with a 100-pixels-width border missing.
Tried a few other utilities, using ImageMagick to display non-tiff files.
No regressions, so this is OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 4 Thomas Andrews 2022-08-12 02:38:58 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-08-12 22:08:31 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2022-08-13 04:33:48 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0284.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED