Bug 11099 - libtiff new security issue CVE-2013-4244
Summary: libtiff new security issue CVE-2013-4244
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/565084/
Whiteboard: MGA2TOO has_procedure MGA3-32-OK MGA3...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-08-28 18:53 CEST by David Walser
Modified: 2013-08-30 19:41 CEST (History)

See Also:
Source RPM: libtiff-4.0.3-4.1.mga3.src.rpm
CVE:
Status comment:



Description David Walser 2013-08-28 18:53:59 CEST
Debian has issued an advisory on August 27:
http://www.debian.org/security/2013/dsa-2744

Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities
in various tools shipped by the tiff library. Processing a malformed file may
lead to denial of service or the execution of arbitrary code (CVE-2013-4244).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
http://www.debian.org/security/2013/dsa-2744
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.8.mga2
libtiff5-4.0.1-2.8.mga2
libtiff-devel-4.0.1-2.8.mga2
libtiff-static-devel-4.0.1-2.8.mga2
libtiff-progs-4.0.3-4.2.mga3
libtiff5-4.0.3-4.2.mga3
libtiff-devel-4.0.3-4.2.mga3
libtiff-static-devel-4.0.3-4.2.mga3

from SRPMS:
libtiff-4.0.1-2.8.mga2.src.rpm
libtiff-4.0.3-4.2.mga3.src.rpm

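The QA comments on this bug confirm the fix by reading urpmi's "already installed" line before and after the update. As an added example (not part of this bug report or the Mageia QA procedure), the following Python script parses such lines and checks the installed version-release against the fixed versions from the advisory above, using an rpmvercmp-style comparison; the FIXED table and the sample lines are constructed from this bug's package list.

```python
import re

# Fixed version/release per Mageia branch, taken from the advisory on this bug.
FIXED = {
    "mga2": ("4.0.1", "2.8.mga2"),
    "mga3": ("4.0.3", "4.2.mga3"),
}

# Sample urpmi output, constructed from the QA comments on this bug.
URPMI_LINES = [
    "Package libtiff5-4.0.3-4.1.mga3.i586 is already installed",
    "Package lib64tiff5-4.0.3-4.2.mga3.x86_64 is already installed",
    "Package libtiff-progs-4.0.1-2.7.mga2.i586 is already installed",
    "Package libtiff-progs-4.0.1-2.8.mga2.i586 is already installed",
]

# name-version-release.arch; the name may itself contain dashes.
_PKG = re.compile(r"Package (\S+)-([^-]+)-([^-]+)\.(\w+) is already installed")
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings like rpm's rpmvercmp:
    numeric segments as integers, alpha segments lexically, a numeric
    segment beats an alpha one, and the longer string wins on a tie.
    Returns -1, 0 or 1 (tilde/caret handling is omitted)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def parse_urpmi(line):
    """Split a urpmi 'already installed' line into (name, version, release, arch)."""
    m = _PKG.match(line)
    return m.groups() if m else None


def is_fixed(line):
    """Return (name, True) if the installed package is at or above the fixed
    version for its branch, (name, False) otherwise, None if unparseable."""
    parsed = parse_urpmi(line)
    if parsed is None:
        return None
    name, version, release, _arch = parsed
    fixed_ver, fixed_rel = FIXED[release.rsplit(".", 1)[-1]]
    cmp = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return name, cmp >= 0


if __name__ == "__main__":
    for line in URPMI_LINES:
        print(is_fixed(line))
```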
David Walser 2013-08-28 18:54:09 CEST

Version: Cauldron => 3
Whiteboard: (none) => MGA2TOO

David Walser 2013-08-28 18:54:36 CEST

Severity: normal => major

Comment 1 claire robinson 2013-08-28 19:54:52 CEST
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff

Whiteboard: MGA2TOO => MGA2TOO has_procedure

Comment 2 William Kenney 2013-08-28 20:59:42 CEST
In VirtualBox and KDE

Packages under test:
libtiff bmp2tiff tiff2pdf tiffinfo libtiff-progs

[root@localhost wilcal]# urpmi libtiff
Package libtiff5-4.0.3-4.1.mga3.i586 is already installed
[root@localhost Pictures]# urpmi libtiff-progs
Package libtiff-progs-4.0.3-4.1.mga3.i586 is already installed

bmp2tiff flag_b24.bmp flag_b24.tif  works
tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane
flag_b24.tif opens successfully with Gimp

Install updates from core updates_testing

[root@localhost wilcal]# urpmi libtiff
Package libtiff5-4.0.3-4.2.mga3.i586 is already installed
[root@localhost wilcal]# urpmi libtiff-progs
Package libtiff-progs-4.0.3-4.2.mga3.i586 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane


Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm

CC: (none) => wilcal.int
Whiteboard: MGA2TOO has_procedure => MGA2TOO has_procedure MGA3-32-OK

Comment 3 William Kenney 2013-08-28 21:16:49 CEST
In VirtualBox and KDE

[root@localhost wilcal]# urpmi libtiff
Package lib64tiff5-4.0.3-4.1.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi libtiff-progs
Package libtiff-progs-4.0.3-4.1.mga3.x86_64 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane
  
Install updates from core updates_testing

[root@localhost wilcal]# urpmi libtiff
Package lib64tiff5-4.0.3-4.2.mga3.x86_64 is already installed
[root@localhost wilcal]# urpmi libtiff-progs
Package libtiff-progs-4.0.3-4.2.mga3.x86_64 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane

Whiteboard: MGA2TOO has_procedure MGA3-32-OK => MGA2TOO has_procedure MGA3-32-OK MGA3-64-OK

Comment 4 William Kenney 2013-08-28 21:32:36 CEST
In VirtualBox and KDE

Packages under test:
libtiff bmp2tiff tiff2pdf tiffinfo libtiff-progs

[root@localhost wilcal]# urpmi libtiff
Package libtiff5-4.0.1-2.7.mga2.i586 is already installed
[root@localhost wilcal]# urpmi libtiff-progs
Package libtiff-progs-4.0.1-2.7.mga2.i586 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane
  
Install updates from core updates_testing

[root@localhost Pictures]# urpmi libtiff
Package libtiff5-4.0.1-2.8.mga2.i586 is already installed
[root@localhost Pictures]# urpmi libtiff-progs
Package libtiff-progs-4.0.1-2.8.mga2.i586 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane

Whiteboard: MGA2TOO has_procedure MGA3-32-OK MGA3-64-OK => MGA2TOO has_procedure MGA3-32-OK MGA3-64-OK MGA2-32-OK

Comment 5 William Kenney 2013-08-28 21:50:36 CEST
In VirtualBox and KDE

Packages under test:
libtiff bmp2tiff tiff2pdf tiffinfo libtiff-progs

[root@localhost Pictures]# urpmi libtiff
Package lib64tiff5-4.0.1-2.7.mga2.x86_64 is already installed
[root@localhost Pictures]# urpmi libtiff-progs
Package libtiff-progs-4.0.1-2.7.mga2.x86_64 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane

Install updates from core updates_testing
  
[root@localhost Pictures]# urpmi libtiff
Package lib64tiff5-4.0.1-2.8.mga2.x86_64 is already installed
[root@localhost Pictures]# urpmi libtiff-progs
Package libtiff-progs-4.0.1-2.8.mga2.x86_64 is already installed

[wilcal@localhost Pictures]$ bmp2tiff flag_b24.bmp flag_b24.tif  works
[wilcal@localhost Pictures]$ tiff2pdf flag_b24.tif > flag_b24.pdf  works
[wilcal@localhost Pictures]$ tiffinfo flag_b24.tif
TIFF Directory at offset 0xaffe (45054)
  Image Width: 124 Image Length: 124
  Bits/Sample: 8
  Compression Scheme: PackBits
  Photometric Interpretation: RGB color
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 22
  Planar Configuration: single image plane
  
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA2TOO has_procedure MGA3-32-OK MGA3-64-OK MGA2-32-OK => MGA2TOO has_procedure MGA3-32-OK MGA3-64-OK MGA2-32-OK MGA2-64-OK

Comment 6 William Kenney 2013-08-28 21:51:03 CEST
Testing complete mga2/3 32 & 64
Validating the update.
Could someone from the sysadmin team push 11099.adv to updates.
Thanks
Comment 7 David Walser 2013-08-28 22:07:25 CEST
11099.adv doesn't appear to have been uploaded yet.

I'll remove the validated tag and let Dave or Claire re-add it when it's uploaded.

Keywords: validated_update => (none)

Comment 8 William Kenney 2013-08-28 22:22:43 CEST
(In reply to David Walser from comment #7)

> 11099.adv doesn't appear to have been uploaded yet.

That's cuz I'm too quick. :-))

Thanks
Comment 9 claire robinson 2013-08-28 22:24:14 CEST
Well done William. Advisory uploaded.

Thanks
claire robinson 2013-08-28 22:24:27 CEST

Keywords: (none) => validated_update

Comment 10 Thomas Backlund 2013-08-30 19:41:02 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2013-0267.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

