Bug 9970

Summary: libtiff new security issues CVE-2013-1960 and CVE-2013-1961
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: oe, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Source RPM: libtiff-4.0.1-2.5.mga2.src.rpm CVE:
Status comment:

Description David Walser 2013-05-03 18:55:29 CEST 
Two security issues in libtiff have been assigned CVEs:
http://openwall.com/lists/oss-security/2013/05/02/4

Patched packages uploaded for Mageia 2 and Cauldron.

Patches added in Mageia 1 SVN.

Advisory:
========================

Updated libtiff packages fix security vulnerabilities:

A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, in
the tp_process_jpeg_strip() function. A remote attacker could provide a
specially-crafted TIFF image format file, that when processed by tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code
execution with the privileges of the user running the tiff2pdf binary
(CVE-2013-1960).

A stack-based buffer overflow was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, when
malformed image-length and resolution values are used in the TIFF file. A
remote attacker could provide a specially-crafted TIFF image format file,
that when processed by tiff2pdf would lead to tiff2pdf executable crash
(CVE-2013-1961).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
https://bugzilla.redhat.com/show_bug.cgi?id=952158
https://bugzilla.redhat.com/show_bug.cgi?id=952131
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.6.mga2
libtiff5-4.0.1-2.6.mga2
libtiff-devel-4.0.1-2.6.mga2
libtiff-static-devel-4.0.1-2.6.mga2

from libtiff-4.0.1-2.6.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-05-07 10:15:58 CEST 
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2013-05-07 10:58:33 CEST 
Testing complete mga2 32 & 64

Validating

Advisory and srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure mga2-64-ok mga2-32-ok
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2013-05-09 12:41:33 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0142

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 4 David Walser 2013-07-04 17:33:58 CEST 
*** Bug 10689 has been marked as a duplicate of this bug. ***

CC: (none) => oe