openSUSE has issued an advisory on May 11:
https://lists.opensuse.org/opensuse-updates/2018-05/msg00025.html

It doesn't appear to be fixed in 4.0.9, but it may be fixed in the git snapshot.
SUSE has issued an advisory on September 10:
http://lists.suse.com/pipermail/sle-security-updates/2018-September/004543.html

It fixes three issues we don't have in bugzilla. I see the last one has a fix in Cauldron, but we haven't updated Mageia 6 yet. Mageia 5 is obviously also affected.
Whiteboard: (none) => MGA6TOO
Summary: libtiff possible new security issue CVE-2017-17973 => libtiff possible new security issues CVE-2016-5319 CVE-2017-17942 CVE-2017-17973 CVE-2018-10779
openSUSE has issued an advisory for this on September 26:
https://lists.opensuse.org/opensuse-updates/2018-09/msg00151.html
According to https://bugzilla.novell.com/show_bug.cgi?id=1074318#c5, the fix for CVE-2017-9935 also fixes CVE-2017-17973.
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. (CVE-2016-5319)

In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. (CVE-2017-17942)

TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. (CVE-2018-10779)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10779
========================

Updated package in core/updates_testing:
========================
libtiff-progs-4.0.9-1.6.mga6
lib(64)tiff5-4.0.9-1.6.mga6
lib(64)tiff-devel-4.0.9-1.6.mga6
lib(64)tiff-static-devel-4.0.9-1.6.mga6

from SRPMS:
libtiff-4.0.9-1.6.mga6.src.rpm
CVE: (none) => CVE-2016-5319, CVE-2017-17942, CVE-2018-10779
Assignee: nicolas.salguero => qa-bugs
Source RPM: libtiff-4.0.9-2.git20180512.2.mga7.src.rpm => libtiff-4.0.9-1.5.mga6.src.rpm
Status: NEW => ASSIGNED
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Testing this after tonight's meeting.
CC: (none) => tarazed25
bmp2tiff and thumbnail are required to exercise the PoCs for CVE-2016-5319. Neither is packaged with libtiff-progs. Are they available anywhere else?

$ rpm -qil libtiff-progs
/usr/bin/fax2ps
/usr/bin/fax2tiff
/usr/bin/pal2rgb
/usr/bin/ppm2tiff
/usr/bin/raw2tiff
/usr/bin/tiff2bw
/usr/bin/tiff2pdf
/usr/bin/tiff2ps
/usr/bin/tiff2rgba
/usr/bin/tiffcmp
/usr/bin/tiffcp
/usr/bin/tiffcrop
/usr/bin/tiffdither
/usr/bin/tiffdump
/usr/bin/tiffgt
/usr/bin/tiffinfo
/usr/bin/tiffmedian
/usr/bin/tiffset
/usr/bin/tiffsplit
Keywords: (none) => feedback
It's an old CVE and I believe some of the tools were removed previously because they themselves had security vulnerabilities.
Keywords: feedback => (none)
OK, thanks David. Those utilities were mentioned but I suppose anything that tries to read the PoC files would do.
Ah, but nothing else in the collection is able, so those PoCs are a no-go.
Mageia6, x86_64

Updated the libtiff packages.
Tried out some of the utilities.

$ tiffinfo Ikapati.tif
TIFF Directory at offset 0x100008 (1048584)
  Image Width: 1024 Image Length: 1024
  Bits/Sample: 8
  Compression Scheme: None
  Photometric Interpretation: min-is-black
  FillOrder: msb-to-lsb
  Samples/Pixel: 1
  Rows/Strip: 8
  Planar Configuration: single image plane
  DocumentName: Standard Input
  ImageDescription: converted PNM file

$ tiff2pdf -o lena.pdf lena_color.tiff
$ okular lena.pdf
That displays fine.

$ tiff2ps -O harbour.ps harbour.tif
$ gs harbour.ps
GPL Ghostscript 9.25 (2018-09-13)
Copyright (C) 2018 Artifex Software, Inc. All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
>>showpage, press <return> to continue<<

$ tiff2rgba macbethcolourscan.tif rgba.tif
$ display rgba.tif
That too.

$ tifftopnm GlenShiel.tif > GlenShiel.pnm
tifftopnm: writing PPM file

$ tiffgt macbethcolourscan.tif
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
freeglut (tiffgt): ERROR: Internal error <FBConfig with necessary capabilities not found> in function fgOpenWindow
This may be a regression - tiffgt no longer displays TIFF images. Switched to display.

$ tiff2bw JessicaAlba.tif jessica_grey.tif
Perfect greyscale rendering.
$ tiffcmp macbethcolourscan.tif rgba.tif
SamplesPerPixel: 3 4
$ tiffcmp -z 20 macbethcolourscan.tif rgba.tif
SamplesPerPixel: 3 4

$ tifftopnm JessicaAlba.tif > jessica.pnm
tifftopnm: writing PPM file
$ tiff2bw GlenShiel.tif GlenShiel_greyscale.tif

$ tiffdump SantaMaria.tif > dumpfile
$ less dumpfile
SantaMaria.tif:
Magic: 0x4949 <little-endian> Version: 0x2a <ClassicTIFF>
Directory 0: offset 1971016 (0x1e1348) next 0 (0)
ImageWidth (256) SHORT (3) 1<1638>
ImageLength (257) SHORT (3) 1<1410>
BitsPerSample (258) SHORT (3) 3<8 8 8>
Compression (259) SHORT (3) 1<5>
Photometric (262) SHORT (3) 1<2>
FillOrder (266) SHORT (3) 1<1>
ImageDescription (270) ASCII (2) 14<IDL TIFF file\0>
StripOffsets (273) LONG (4) 1410<8 1199 2491 3695 4958 6211 7472 8750 9972 11260 12484 13781 15014 16267 17486 18683 19928 21122 22405 23629 24889 26177 27436 28726 ...>
Orientation (274) SHORT (3) 1<1>
SamplesPerPixel (277) SHORT (3) 1<3>
RowsPerStrip (278) SHORT (3) 1<1>
StripByteCounts (279) LONG (4) 1410<1191 1292 1204 1263 1253 1261 1278 1222 1288 1224 1297 1233 1253 1219 1197 1245 1194 1283 1224 1260 1288 1259 1290 1211 ...>
XResolution (282) RATIONAL (5) 1<495.063>
YResolution (283) RATIONAL (5) 1<495.063>
PlanarConfig (284) SHORT (3) 1<1>
ResolutionUnit (296) SHORT (3) 1<2>
PageNumber (297) SHORT (3) 2<0 1>
Predictor (317) SHORT (3) 1<2>
Whitepoint (318) RATIONAL (5) 2<0.3127 0.329>
PrimaryChromaticities (319) RATIONAL (5) 6<0.64 0.33 0.3 0.6 0.15 0.06>
BadFaxLines (326) LONG (4) 1<2707030018>
dumpfile (END)

$ ppm2tiff glenshiel.pnm glenshiel_1.tif
Displays OK.

$ tiffcp glenshiel.tiff scottishglen.tif
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
$ display scottishglen.tif
It looks OK.
That "Invalid tag" message has appeared many times in past tests so should not be considered a regression.

$ tiffdither -r 4 -c packbits -t 64 Ikapati.tif ikapati4.tif
Produced a dithered grey view of the surface of Mars. It needs a greyscale image to start with.

$ tiffgt smandril.tif
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
freeglut (tiffgt): ERROR: Internal error <FBConfig with necessary capabilities not found> in function fgOpenWindow
This sort of failure has always been the case - maybe time for a bug report.

$ tiffmedian -r 8 -C 128 -f TatianaMaslany.tif Tatiana.tif
Going by rows of 8 creates an image with 128 colours using Floyd-Steinberg dithering. Without the dithering the image would be considered unacceptable.

Enough tests. OK for 64-bits.
Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0409.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED