Bug 31899 - libtiff new security issues CVE-2023-3077[45]
Status: RESOLVED DUPLICATE of bug 31091
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Nicolas Salguero
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-09 16:00 CEST by David Walser
Modified: 2023-05-14 01:45 CEST

See Also:
Source RPM: libtiff-4.2.0-1.15.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2023-05-09 16:00:58 CEST
RedHat has issued an advisory today (May 9):
https://access.redhat.com/errata/RHSA-2023:2340

Mageia 8 is also affected.
David Walser 2023-05-09 16:01:04 CEST

Whiteboard: (none) => MGA8TOO

Comment 1 Nicolas Salguero 2023-05-10 09:47:27 CEST
Hi,

Those CVEs were fixed in version 4.5.0rc1 so Cauldron is not affected.

Best regards,

Nico.

Version: Cauldron => 8
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => (none)
Source RPM: libtiff-4.5.0-5.mga9.src.rpm => libtiff-4.2.0-1.15.mga8.src.rpm

Comment 2 Nicolas Salguero 2023-05-12 10:26:44 CEST
Hi,

After checking, I found that:
  - CVE-2023-30774 was already fixed by the patch for CVE-2022-3599 (bug 31091).
  - CVE-2023-30775 was already fixed by the patch for CVE-2022-3570 and CVE-2022-3598 (bug 30999).

Best regards,

Nico.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2023-05-14 01:45:32 CEST
Thanks, marking as a duplicate of the later bug.

*** This bug has been marked as a duplicate of bug 31091 ***

Resolution: FIXED => DUPLICATE

