Ubuntu has issued an advisory on February 25: https://ubuntu.com/security/notices/USN-4755-1
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Integer overflow in tif_getimage.c. (CVE-2020-35523)

Heap-based buffer overflow in TIFF2PDF tool. (CVE-2020-35524)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
https://ubuntu.com/security/notices/USN-4755-1
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.2.0-1.mga7
lib(64)tiff5-4.2.0-1.mga7
lib(64)tiff-devel-4.2.0-1.mga7
lib(64)tiff-static-devel-4.2.0-1.mga7

from SRPM:
libtiff-4.2.0-1.mga7.src.rpm

Assignee: nicolas.salguero => qa-bugs
CVE: (none) => CVE-2020-35523, CVE-2020-35524
Status: NEW => ASSIGNED
mga7, x64

No reproducers available for the CVEs so on with the update.
All four packages updated cleanly.

$ tiffgt anna.tiff
$ tiffgt MartianCrater.tif
$ tiffgt PIA20966.tif
Displayed the pictures perfectly. Seems to be a first here.

$ tiffdump anna.tiff > tiffdump
$ lines tiffdump
23
$ head -10 tiffdump
anna.tiff:
Magic: 0x4949 <little-endian> Version: 0x2a <ClassicTIFF>
Directory 0: offset 736508 (0xb3cfc) next 0 (0)
ImageWidth (256) SHORT (3) 1<491>
ImageLength (257) SHORT (3) 1<500>
BitsPerSample (258) SHORT (3) 3<8 8 8>
Compression (259) SHORT (3) 1<1>
Photometric (262) SHORT (3) 1<2>
FillOrder (266) SHORT (3) 1<1>
StripOffsets (273) LONG (4) 1<8>
$ tail -8 tiffdump
$ tail -8 tiffdump
YResolution (283) RATIONAL (5) 1<72>
PlanarConfig (284) SHORT (3) 1<1>
ResolutionUnit (296) SHORT (3) 1<2>
PageNumber (297) SHORT (3) 2<0 1>
Whitepoint (318) RATIONAL (5) 2<0.3127 0.329>
PrimaryChromaticities (319) RATIONAL (5) 6<0.64 0.33 0.3 0.6 0.15 0.06>
33723 (0x83bb) LONG (4) 329<24642076 1852719392 1867522145 1701605488 1819043191 544434464 1159753313 1768712046 1629513843 1701999715 539915123 543516755 1646293865 544502629 2003791467 1868963950 1701322866 1869750386 1629513068 1968382067 544104819 1702258000 1701409646 544106784 ...>
34377 (0x8649) BYTE (1) 15226<0x38 0x42 0x49 0x4d 0x4 0x4 00 00 00 00 0x5 0x21 0x1c 0x2 0x78 0x1 0x20 0x41 0x6e 0x6e 0x61 0x20 0x50 0x6f ...>

$ tiffsplit greycombo.tif z
$ ls z*
zaaa.tif zaab.tif zaac.tif zaad.tif
Each frame displays correctly using tiffgt.

Quantize image to 128 colours.
$ tiffmedian -C 128 -f example2.tiff median.tif
The result looks fine.

$ tifftopnm lena_color.tiff > lena.pnm
tifftopnm: writing PPM file
$ display lena.pnm
Output looks identical.

$ tiffcrop -E top -U px -m 100,100,100,100 SantaMaria.tif cropped.tif
_TIFFVGetField: cropped.tif: Invalid tag "BadFaxLines" (not supported by codec).
_TIFFVGetField: cropped.tif: Invalid tag "BadFaxLines" (not supported by codec).
In spite of that complaint, the output is correctly cropped.

$ tifftopnm Ikapati.tif > ikapati.pgm
tifftopnm: writing PGM file
$ pnmtotiff ikapati.pgm -output ikapati_test.tif
Faithful copies.

Greyscale from colour image:
$ tiff2bw macbeth_rgb.tif macbeth_bw.tif

$ tiff2pdf boats.tif > boats.pdf
$ okular boats.pdf
Gtk-Message: 23:03:48.468: Failed to load module "colorreload-gtk-module"
org.kde.kcoreaddons: Expected JSON property "X-Purpose-PluginTypes" to be a single string. but it is a stringlist
discarding "Send SMS via KDE Connect..." "ShareUrl"
<Document looks fine though>
No complaints with xpdf.

$ tiff2ps lena.tif > lena.ps
$ gs lena.ps
GPL Ghostscript 9.27 (2019-04-04)
.....
<Document displays without error>

Enough tests - no regressions.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0098.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
Hello, This update seems to break gscan2pdf. https://www.mageialinux-online.org/forum/topic-28574-1+gscan2pdf.php#m282533
Resolution: FIXED => (none)
CC: (none) => yves.brungard_mageia
Status: RESOLVED => REOPENED
File a new bug.
Resolution: (none) => FIXED
Status: REOPENED => RESOLVED
This update also fixed CVE-2020-35521 and CVE-2020-35522: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
Summary: libtiff new security issues CVE-2020-35523, CVE-2020-35524 => libtiff new security issues CVE-2020-3552[1-4]
This update also fixed CVE-2020-19143: https://ubuntu.com/security/CVE-2020-19143
Comment 7 and 8 CVE numbers, descriptions, and reference links added in advisory on SVN.
CC: (none) => davidwhodgins