Fedora has issued an advisory on August 15: https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114181.html Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron. Advisory: ======================== Updated libtiff packages fix security vulnerabilities: Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool (CVE-2013-4231) Pedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image() function in tiff2pdf, a tool for converting a TIFF image to a PDF document. A remote attacker could provide a specially-crafted TIFF file that, when processed by tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary code with the privileges of the user running tiff2pdf (CVE-2013-4232). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232 https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114181.html ======================== Updated packages in core/updates_testing: ======================== libtiff-progs-4.0.1-2.7.mga2 libtiff5-4.0.1-2.7.mga2 libtiff-devel-4.0.1-2.7.mga2 libtiff-static-devel-4.0.1-2.7.mga2 libtiff-progs-4.0.3-4.1.mga3 libtiff5-4.0.3-4.1.mga3 libtiff-devel-4.0.3-4.1.mga3 libtiff-static-devel-4.0.3-4.1.mga3 from SRPMS: libtiff-4.0.1-2.7.mga2.src.rpm libtiff-4.0.3-4.1.mga3.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
Procedure on the wiki: https://wiki.mageia.org/en/QA_procedure:Libtiff
Whiteboard: MGA2TOO => MGA2TOO has_procedure
No PoC's
Testing complete mga3_64, ok for me nothing to report. wget http://www.ac-grenoble.fr/ien.vienne1-2/spip/IMG/bmp_Image001.bmp $ bmp2tiff bmp_Image001.bmp bmp_Image001.tif $ tiff2pdf bmp_Image001.tif > bmp_Image001.pdf $ tiffinfo bmp_Image001.tif TIFF Directory at offset 0x58976 (362870) Image Width: 400 Image Length: 300 Bits/Sample: 8 Compression Scheme: PackBits Photometric Interpretation: RGB color Orientation: row 0 top, col 0 lhs Samples/Pixel: 3 Rows/Strip: 6 Planar Configuration: single image plane $ gimp bmp_Image001.tif Gtk-Message: Failed to load module "canberra-gtk-module" Gtk-Message: Failed to load module "canberra-gtk-module"
CC: (none) => geiger.david68210Whiteboard: MGA2TOO has_procedure => MGA2TOO has_procedure mga3-64-ok
Testing complete mga3_32, ok for me nothing to report. $ wget http://www.ac-grenoble.fr/ien.vienne1-2/spip/IMG/bmp_Image001.bmp --2013-08-20 15:37:45-- http://www.ac-grenoble.fr/ien.vienne1-2/spip/IMG/bmp_Image001.bmp ...etc 100%[======================================>] 360 054 248KB/s ds 1,4s 2013-08-20 15:37:47 (248 KB/s) - «bmp_Image001.bmp» sauvegardé [360054/360054] $ ls bmp_Image001.bmp $ bmp2tiff bmp_Image001.bmp bmp_Image001.tif $ ls bmp_Image001.bmp bmp_Image001.tif $ tiff2pdf bmp_Image001.tif > bmp_Image001.pdf $ ls bmp_Image001.bmp bmp_Image001.pdf bmp_Image001.tif $ tiffinfo bmp_Image001.tif TIFF Directory at offset 0x58976 (362870) Image Width: 400 Image Length: 300 Bits/Sample: 8 Compression Scheme: PackBits Photometric Interpretation: RGB color Orientation: row 0 top, col 0 lhs Samples/Pixel: 3 Rows/Strip: 6 Planar Configuration: single image plane $ gimp bmp_Image001.tif
Whiteboard: MGA2TOO has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-64-ok mga3-32-ok
Testing complete mga2_32, ok for me nothing to report. $ wget http://www.ac-grenoble.fr/ien.vienne1-2/spip/IMG/bmp_Image001.bmp --2013-08-20 15:49:23-- http://www.ac-grenoble.fr/ien.vienne1-2/spip/IMG/bmp_Image001.bmp ...etc 100%[======================================>] 360 054 288K/s ds 1,2s 2013-08-20 15:49:24 (288 KB/s) - «bmp_Image001.bmp» sauvegardé [360054/360054] $ ls bmp_Image001.bmp $ bmp2tiff bmp_Image001.bmp bmp_Image001.tif $ ls bmp_Image001.bmp bmp_Image001.tif $ tiff2pdf bmp_Image001.tif > bmp_Image001.pdf $ ls bmp_Image001.bmp bmp_Image001.pdf bmp_Image001.tif $ tiffinfo bmp_Image001.tif TIFF Directory at offset 0x58976 (362870) Image Width: 400 Image Length: 300 Bits/Sample: 8 Compression Scheme: PackBits Photometric Interpretation: RGB color Orientation: row 0 top, col 0 lhs Samples/Pixel: 3 Rows/Strip: 6 Planar Configuration: single image plane $ gimp bmp_Image001.tif
Whiteboard: MGA2TOO has_procedure mga3-64-ok mga3-32-ok => MGA2TOO has_procedure mga3-64-ok mga3-32-ok mga2-32-ok
Testing complete mga2 64
Whiteboard: MGA2TOO has_procedure mga3-64-ok mga3-32-ok mga2-32-ok => MGA2TOO has_procedure mga3-64-ok mga3-32-ok mga2-32-ok mga2-64-ok
Validating. Advisory from comment 0 uploaded. Could sysadmin please push from 2 & 3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0258.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED