https://linuxsecurity.com/advisories/deblts/debian-lts-dla-2009-1-tiff-security-update-17-24-54
QA Contact: (none) => security
Component: RPM Packages => Security
Hi,

CVE-2017-17095 was fixed in bug 22120.
CVE-2018-12900 was fixed in bug 24053.
CVE-2018-18661 was fixed in bug 23788.
CVE-2019-6128 was fixed in bug 24343.
CVE-2019-17546 is not fixed already.

Best regards,
Nico.
Source RPM: libtiff => libtiff-4.0.10-6.git20190508.1.mga7.src.rpm
CC: (none) => nicolas.salguero
Summary: libtiff security update CVE-2017-17095 CVE-2018-12900 CVE-2018-18661 CVE-2019-6128 CVE-2019-17546 => libtiff security update CVE-2019-17546
Assignee: bugsquad => nicolas.salguero
CVE: (none) => CVE-2019-17546
Suggested advisory:
========================

The updated packages fix a security vulnerability:

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. (CVE-2019-17546)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-2009-1-tiff-security-update-17-24-54
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.1.0-2.git20191120.1.mga7
lib(64)tiff5-4.1.0-2.git20191120.1.mga7
lib(64)tiff-devel-4.1.0-2.git20191120.1.mga7
lib(64)tiff-static-devel-4.1.0-2.git20191120.1.mga7

from SRPMS:
libtiff-4.1.0-2.git20191120.1.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
Just changing to the actual advisory link in the references.

Suggested advisory:
========================

The updated packages fix a security vulnerability:

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition (CVE-2019-17546).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
https://www.debian.org/lts/security/2019/dla-2009
Mageia7, x86_64

CVE-2019-17456
The clusterfuzz testcase referred to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443 cannot be used because it requires a testing framework to be set up locally. Outside QA's remit.

List of tools, excluding fax:
pal2rgb ppm2tiff raw2tiff rgb2cbcr thumbnail tiff2bw tiff2pdf tiff2ps tiff2rgba tiffcmp tiffcp tiffcrop tiffdither tiffdump tiffinfo tiffmedian tiffset tiffsplit

$ ppm2tiff ikapati.ppm ikapati.tif
$ tiffgt ikapati.tif
Displays the converted image.
$ tiff2bw anna.tiff AnnaPopplewell_grey.tif
$ tiffdither -r 4 -c packbits -t 64 jessica_grey.tif jessica_dither.tif
$ tiffmedian -r 4 -C 128 -f TatianaMaslany.tif Tatiana.tif
$ tiffgt Tatiana.tif
Leads to a few patches of grey on a coloured image. 8 rows with 256 colours gives slightly better results.
$ tiffcp glenshiel.tiff scottishglen.tif
$ tiffcp glenshiel.tiff scottishglen.tif
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "Predictor" (not supported by codec).
_TIFFVGetField: scottishglen.tif: Invalid tag "BadFaxLines" (not supported by codec).
$ tiffcmp glenshiel.tif scottishglen.tif
Compression: 8 7
$ ppm2tiff jessica.ppm jess.tif
$ tiffgt jess.tif
$ tiffdump SantaMaria.tif > dump.txt
$ less dump.txt
SantaMaria.tif:
Magic: 0x4949 <little-endian> Version: 0x2a <ClassicTIFF>
Directory 0: offset 1971016 (0x1e1348) next 0 (0)
ImageWidth (256) SHORT (3) 1<1638>
ImageLength (257) SHORT (3) 1<1410>
BitsPerSample (258) SHORT (3) 3<8 8 8>
[...]
YResolution (283) RATIONAL (5) 1<495.063>
PlanarConfig (284) SHORT (3) 1<1>
ResolutionUnit (296) SHORT (3) 1<2>
PageNumber (297) SHORT (3) 2<0 1>
Predictor (317) SHORT (3) 1<2>
Whitepoint (318) RATIONAL (5) 2<0.3127 0.329>
PrimaryChromaticities (319) RATIONAL (5) 6<0.64 0.33 0.3 0.6 0.15 0.06>
BadFaxLines (326) LONG (4) 1<2707030018>
$ tiff2ps -O macbeth.ps macbethcolourscan.tif
lcl@difda:images $ gs macbeth.ps
GPL Ghostscript 9.27 (2019-04-04)
.....
<displayed colour chart OK>
$ tiff2pdf -o crater.pdf SantaMaria.tif
That showed fine in okular.

This should be enough to show that everything is working. The success of tiffgt is to be noted in comparison with earlier bug tests.
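The tiffdump output in the comment above lists the header and first-directory fields of a ClassicTIFF file. As an added example (not part of the bug report and not libtiff code), the Python below reads those same fields and reports whether a 32-bit RGBA raster of the declared size would need more bytes than a signed 32-bit integer can hold, which is the class of size arithmetic the advisory's integer overflow concerns. The function names, the INT32_MAX threshold and the constructed sample files are assumptions for illustration; this is a pre-decode sanity check, not the upstream fix.

```python
import struct

# TIFF field types needed here: type id -> (struct code, size in bytes)
TYPES = {3: ("H", 2), 4: ("I", 4)}  # SHORT, LONG
INT32_MAX = 2**31 - 1               # assumed limit for a signed 32-bit byte count


def parse_ifd0(data):
    """Return {tag: [values]} for the SHORT/LONG entries of the first directory."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF: bad byte-order mark")
    bo = "<" if data[:2] == b"II" else ">"
    version, off = struct.unpack(bo + "HI", data[2:8])
    if version != 42:
        raise ValueError("not ClassicTIFF (version != 0x2a)")
    if off + 2 > len(data):
        raise ValueError("directory offset beyond end of file")
    (count,) = struct.unpack_from(bo + "H", data, off)
    fields = {}
    for i in range(count):
        pos = off + 2 + 12 * i          # each directory entry is 12 bytes
        if pos + 12 > len(data):
            raise ValueError("truncated directory")
        tag, typ, n = struct.unpack_from(bo + "HHI", data, pos)
        if typ not in TYPES:
            continue                    # other types are not needed for the size check
        code, size = TYPES[typ]
        # Values that fit in 4 bytes are stored inline, otherwise at an offset
        start = pos + 8 if n * size <= 4 else struct.unpack_from(bo + "I", data, pos + 8)[0]
        if start + n * size > len(data):
            raise ValueError("tag %d points outside the file" % tag)
        fields[tag] = list(struct.unpack_from(bo + str(n) + code, data, start))
    return fields


def rgba_raster_bytes(fields):
    """Bytes needed for an ImageWidth x ImageLength raster of 4-byte RGBA pixels."""
    width, length = fields.get(256), fields.get(257)
    if not width or not length:
        raise ValueError("ImageWidth/ImageLength missing")
    return width[0] * length[0] * 4


def exceeds_int32(fields):
    return rgba_raster_bytes(fields) > INT32_MAX


def make_tiff(width, length):
    """Constructed sample: little-endian header plus a two-entry directory."""
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHII", 256, 4, 1, width)   # ImageWidth, LONG
    ifd += struct.pack("<HHII", 257, 4, 1, length)  # ImageLength, LONG
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)
```

Python integers do not wrap, so the product is computed exactly and compared against the limit; a C implementation of the same check has to test for overflow before multiplying.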
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25
Thanks, Len. Validating. Corrected advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0366.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
*** Bug 25853 has been marked as a duplicate of this bug. ***
CC: (none) => luigiwalser
This update also fixed CVE-2019-14973: http://lists.suse.com/pipermail/sle-security-updates/2019-November/006177.html
(In reply to David Walser from comment #8)
> This update also fixed CVE-2019-14973:
> http://lists.suse.com/pipermail/sle-security-updates/2019-November/006177.html

Another reference:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ADNPG7JJTRRK22GUVTAFH3GJ6WGKUZJB/
This update also fixed CVE-2020-19131, CVE-2020-19144: https://www.debian.org/lts/security/2021/dla-2777