Debian has issued an advisory on July 5:
https://www.debian.org/security/2017/dsa-3903

It's possible we may have already addressed these in Bug 20057, but I'm not sure.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Hi,

Some issues have already been addressed: CVE-2017-9147, CVE-2017-9403, CVE-2017-9404. But CVE-2017-9936 and CVE-2017-10688 remain.

Best regards,

Nico.
Summary: libtiff new security issues CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936, CVE-2017-10688 => libtiff new security issues CVE-2017-9936 and CVE-2017-10688
For Mga6, freeze push request. For Mga5, libtiff-4.0.8-1.1.mga5 fixes CVE-2017-9936 and CVE-2017-10688.
Patched packages uploaded for Mageia 5 and Cauldron. Thanks Nicolas!

Advisory:
========================

Updated libtiff packages fix security vulnerabilities:

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code (CVE-2017-9936, CVE-2017-10688).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
https://www.debian.org/security/2017/dsa-3903
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.8-1.1.mga5
libtiff5-4.0.8-1.1.mga5
libtiff-devel-4.0.8-1.1.mga5
libtiff-static-devel-4.0.8-1.1.mga5

from libtiff-4.0.8-1.1.mga5.src.rpm
Version: Cauldron => 5
Whiteboard: MGA6TOO, MGA5TOO => (none)
CC: (none) => nicolas.salguero
Assignee: nicolas.salguero => qa-bugs
x86_64 real hardware
Mate

Before the update:
Downloaded poc1 from http://bugzilla.maptools.org/show_bug.cgi?id=2706.
Downloaded POC1.rar from http://bugzilla.maptools.org/show_bug.cgi?id=2712 and extracted POC1.

[CVE-2017-9936]
$ tiff2ps poc1
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 24655 (0x604f) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
..............................
TIFFFetchNormalTag: Warning, Sanity check on size of "Tag 34203" value failed; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 16384"; tag ignored.
%!PS-Adobe-3.0 EPSF-3.0
%%Creator: tiff2ps
%%Title: poc1
....................................
image
JBIG: Error (80) decoding: Unknown marker segment encountered.
poc1: Can't read strip.
end
grestore
showpage
%%Trailer
%%EOF
< A long wait while it tried to process the included image. >
$

$ tiff2pdf poc1
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 24655 (0x604f) encountered.
.....................................
TIFFFetchNormalTag: Warning, Sanity check on size of "Tag 34203" value failed; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 16384"; tag ignored.
%PDF-1.1
%���
1 0 obj
.........................
/Decode [ 1 0 ]
>>
stream
JBIG: Error (32) decoding: Unexpected end of input data stream.
tiff2pdf: Error on decoding strip 0 of poc1.
tiff2pdf: An error occurred creating output PDF file.
--------------------------------------------------------------------------------------
[CVE-2017-10688]
$ tiffset POC1
TIFFReadDirectory: Warning, Unknown field with tag 302 (0x12e) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 61961 (0xf209) encountered.
tiffset: tif_dirwrite.c:2127: TIFFWriteDirectoryTagCheckedLong8Array: Assertion `tif->tif_flags&0x80000U' failed.
Abort
==========================================================================

After updates.
$ tiff2ps poc1
The error trace looks the same as before, so does the output from
$ tiff2pdf poc1

$ tiffset POC1
POC1: Failed to allocate memory for to read TIFF directory (0 elements of 12 bytes each).
TIFFReadDirectory: Failed to read directory at offset 5356.

The situation is handled more gracefully here and no abort.
So, OK for CVE-2017-10688 but there is nothing to go on for CVE-2017-9936.

Checked the viability of the updated libraries by running simple image tests on various files using the tiff utilities. No regressions.

Where do we go from here?
CC: (none) => tarazed25
Keywords: (none) => NEEDINFO
Len, just a reminder that NEEDINFO is not the right item to add when QA has a question about an update. That's for when the bug squad or a developer needs clarification on what the original bug is about from the reporter. QA should put feedback in the whiteboard in cases like this. CVE-2017-9936 is not a crash and is only detectable with ASAN, which we were unable to get working when we tried before, so you can pass this update.
Keywords: NEEDINFO => (none)
Thanks David. Yes I had noticed that the original analysis depended on ASAN. Thanks also for the feedback information. I could not find feedback in the list of keywords so used NEEDINFO instead. Did not realize that you just write feedback onto the whiteboard. Adding the OK for 64-bits.
Whiteboard: (none) => MGA5-64-OK
MGA5-32 on Asus A6000VM Xfce
No installation issues.
Similar output with poc as above; except for:
$ tiffset POC1
TIFFReadDirectory: Warning, Unknown field with tag 302 (0x12e) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 61961 (0xf209) encountered.
TIFFWriteDirectoryTagCheckedLong8Array: LONG8 not allowed for ClassicTIFF.

Tried commands with images used on previous updates for libtiff: tiff2pdf is OK but mind this:
$ tiff2ps 1973-024.tif -O 1973-024.ps
against
$ tiff2pdf 1973-024.tif -o 1973-024.pdf
OK for me.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
CC: (none) => herman.viaene
Advisoried, validating.
Whiteboard: MGA5-64-OK MGA5-32-OK => MGA5-64-OK MGA5-32-OK advisory
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0210.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED