| Summary: | libtiff new security issues CVE-2022-2519, CVE-2022-252[01], CVE-2022-2953, CVE-2022-3570, and CVE-2022-3598 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, nicolas.salguero, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | libtiff-4.2.0-1.8.mga8.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 31091 | ||
Description
David Walser
2022-10-21 19:49:55 CEST
David Walser
2022-10-21 19:50:13 CEST
Status comment: (none) => Patches available from upstream and openSUSE

This SRPM is NicolasS's baby, so assigning to you.

Assignee: bugsquad => nicolas.salguero

Ubuntu has issued an advisory on October 27:
https://ubuntu.com/security/notices/USN-5705-1

It fixes two new issues. Mageia 8 is also affected.

Summary: libtiff new security issues CVE-2022-2519 and CVE-2022-252[01] => libtiff new security issues CVE-2022-2519, CVE-2022-252[01], CVE-2022-3570, and CVE-2022-3598

For Cauldron, the issues are fixed.

Whiteboard: MGA8TOO => (none)

For Mageia 8, I added the patch from openSUSE for CVE-2022-2519, CVE-2022-252[01].

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. (CVE-2022-2519)

A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. (CVE-2022-2520)

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (CVE-2022-2521)

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact. (CVE-2022-3570)

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3598)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J7SXFRT2D5U4KU46YFMYHBVPQ56UKZ3V/
https://ubuntu.com/security/notices/USN-5705-1
========================

Updated packages in core/updates_testing:
========================
lib(64)tiff5-4.2.0-1.9.mga8
lib(64)tiff-devel-4.2.0-1.9.mga8
lib(64)tiff-static-devel-4.2.0-1.9.mga8
libtiff-progs-4.2.0-1.9.mga8

from SRPM:
libtiff-4.2.0-1.9.mga8.src.rpm

Status: NEW => ASSIGNED

mga8, x64 - Looking into this.

CC: (none) => tarazed25

Tried some of the tools then updated via qarepo.
Skipped the PoC because they required the use of gdb and libtiff-debuginfo...

Checked the operation of the tools as in bug 29976 and noticed no regressions.

Ran a trace on atril. It could import a TIFF image and manipulate it and save it but used a backend for that without mentioning libtiff.

There is a long list of whatrequires...
Chose nomacs to invert the image (like a negative) and double the size in both coordinates. Saved it as a TIFF image with LZW compression.

$ strace -o nomacs.trace nomacs MartianCrater.tif
$ grep lib nomacs.trace | grep tiff
openat(AT_FDCWD, "/lib64/libtiff.so.5", O_RDONLY|O_CLOEXEC) = 3
.....
read(49, "lib64tiff5-4.2.0-1.9.mga8\nlib64t"..., 16384) = 124
read(49, "lib64tiff5\nlib64tiff-devel\nlib64"..., 16384) = 64
$ tiffgt SantaMaria_doubled.tif

Displayed properly in negative colours.

Giving this an OK on the basis of these tests and no regressions.

Whiteboard: (none) => MGA8-64-OK

Validating. Advisory in Comment 5.

Keywords: (none) => validated_update
David Walser
2022-11-08 14:00:34 CET
Blocks: (none) => 31091
Dave Hodgins
2022-11-08 15:31:18 CET
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0410.html

Status: ASSIGNED => RESOLVED

CVE-2022-2953 was also fixed by the patch for CVE-2022-2519, CVE-2022-252[01].

Summary: libtiff new security issues CVE-2022-2519, CVE-2022-252[01], CVE-2022-3570, and CVE-2022-3598 => libtiff new security issues CVE-2022-2519, CVE-2022-252[01], CVE-2022-2953, CVE-2022-3570, and CVE-2022-3598

CVE-2023-30775 was fixed by the patch for CVE-2022-3570 and CVE-2022-3598, says Nicolas.