Fedora has issued an advisory today (February 20): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLLVSXFUKP2QSOFI6RRTYD737HBS7UGT/
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. (CVE-2019-7663)

The invertImage() function in tiffcrop.c:9206 allows remote attackers to cause a denial of service (heap buffer overflow) via invert color space.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7663
http://bugzilla.maptools.org/show_bug.cgi?id=2831
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLLVSXFUKP2QSOFI6RRTYD737HBS7UGT/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.10-1.git20190219.1.mga6
lib(64)tiff5-4.0.10-1.git20190219.1.mga6
lib(64)tiff-devel-4.0.10-1.git20190219.1.mga6
lib(64)tiff-static-devel-4.0.10-1.git20190219.1.mga6

from SRPMS:
libtiff-4.0.10-1.git20190219.1.mga6.src.rpm
Severity: major => critical
Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-7663
Assignee: nicolas.salguero => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Tried some commands as per bug 24053 Comment 10 with a set of own tif files of different origins (digital camera or scanner or converted from jpg with GIMP).

$ tiff2bw 001.tif 001bw.tif
001.tif: Bad samples/pixel 4.
Same as in previous update.

$ tiff2pdf -o 001tif.pdf 001.tif
produces a file with a picture with a quite distinct pinkish cast, but otherwise views OK in atril.

$ tiffdither gray1.tif gray1dit.tif
produces a heavily dithered image. Seems OK.

$ tiffgt rietkleur004.tif
displays the picture decently.

$ tiffinfo rietkleur004.tif
TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples..
TIFF Directory at offset 0x1a51b08 (27597576)
  Image Width: 2144 Image Length: 3218
  Bits/Sample: 8
  Compression Scheme: None
  Photometric Interpretation: RGB color
  Samples/Pixel: 4
  Planar Configuration: single image plane
Seems OK

$ tiffmedian rietkleur007.tif riklmed007.tif
TIFFReadDirectory: Warning, Sum of Photometric type-related color channels and ExtraSamples doesn't match SamplesPerPixel. Defining non-color channels as ExtraSamples..
produces an awkward color picture with only a few weak but quite different colors. I guess that's what I asked for.

Seems good to go.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0101.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED