| Summary: | libtiff new security issue CVE-2023-6228 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | libtiff-4.5.1-1.2.mga9.src.rpm | CVE: | CVE-2023-6228 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-04-30 17:26:37 CEST
Nicolas Salguero
2024-04-30 17:27:28 CEST
Whiteboard:
(none) =>
MGA9TOO Assigning back to nicolas who normally updates libtiff. Assignee:
bugsquad =>
nicolas.salguero Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. (CVE-2023-6228) References: https://lwn.net/Articles/971682/ ======================== Updated packages in core/updates_testing: ======================== lib(64)tiff6-4.5.1-1.3.mga9 lib(64)tiff-devel-4.5.1-1.3.mga9 lib(64)tiff-static-devel-4.5.1-1.3.mga9 libtiff-progs-4.5.1-1.3.mga9 from SRPM: libtiff-4.5.1-1.3.mga9.src.rpm Status comment:
Patch available from upstream =>
(none)
katnatek
2024-05-02 19:54:59 CEST
Keywords:
(none) =>
advisory No installation issues. Repeated the test from bug 32983 comment 2 with the same results. Validating. Whiteboard:
(none) =>
MGA9-64-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0164.html Status:
ASSIGNED =>
RESOLVED |