| Summary: | libtiff new security issues CVE-2012-2088 and CVE-2012-2113 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, derekjenn, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/504899/ | | |
| Whiteboard: | MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK | | |
| Source RPM: | libtiff-4.0.1-2.mga2.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser 2012-07-03 22:11:34 CEST

David Walser 2012-07-03 22:12:01 CEST

Whiteboard: (none) => MGA1TOO

Is there a poc for this? A poc is mentioned in the RedHat Bugzilla, but I cannot find it.

CC: (none) => derekjenn

(In reply to comment #1)
> Is there a poc for this? A poc is mentioned in the RedHat Bugzilla, but I
> cannot find it.

Might be one of the ones they're talking about here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668087

libtiff3-3.9.5-1.2.mga1 is also present in Mageia 2. Shouldn't it get updated too?

CC: (none) => davidwhodgins

Ah. Sorry. My Mageia 2 system was an upgrade from Mageia 1, so it still has libtiff3. It isn't in the online repositories. Should it be obsoleted in Mageia 2, or updated like Mageia 1.

(In reply to comment #4)
> Should it be obsoleted in Mageia 2, or updated like Mageia 1.

Nope. Our library policy means you get old libraries left behind on your system when you do distro upgrades. It's supposed to be the system administrator's responsibility to remove them. There are reasons for it, but it is annoying I'll admit. At least you can do urpmq --not-available to find the ones not in the repository.

Mandriva has issued an advisory for this today (July 4):
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:101

I was unable to simulate any crash using any of the sample tiffs at http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/ so validation had to be restricted to performing sample tiff manipulations with bmp2tiff and tiff2pdf

Validated on x86_64 mga2

Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK

Validated on i586 mga2

Validated on x86_64 mga1 (still not able to force a crash)

Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK

Validated

Could someone from sysadmin please push libtiff-3.9.5-1.4.mga1.src.rpm from mga1 core/updates/testing to core/updates

Advisory (Mageia 1):
========================

Updated libtiff packages fix security vulnerabilities:

libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088).

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html

----------------------------------------------------------------

And please push libtiff-4.0.1-2.1.mga2.src.rpm from mga2 core/updates/testing to core/updates

Advisory (Mageia 2):
========================

Updated libtiff packages fix security vulnerability:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0137

Status: NEW => RESOLVED