SUSE has issued an advisory on March 18: https://lwn.net/Articles/965827/
CVE: (none) => CVE-2023-40745, CVE-2023-41175
Source RPM: (none) => libtiff-4.5.1-1.1.mga9.src.rpm
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2023-40745)

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2023-41175)

References:
https://lwn.net/Articles/965827/
========================

Updated packages in core/updates_testing:
========================
lib(64)tiff6-4.5.1-1.2.mga9
lib(64)tiff-devel-4.5.1-1.2.mga9
lib(64)tiff-static-devel-4.5.1-1.2.mga9
libtiff-progs-4.5.1-1.2.mga9

from SRPM:
libtiff-4.5.1-1.2.mga9.src.rpm
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Keywords: (none) => advisory
MGA9-64 Plasma, i5-7500, Nvidia Quadro K620 graphics. Seems like we just had a libtiff update a few days ago. Oh, wait - we did. Anyway, there were no installation issues this time, either. I decided to go a different route with testing this time, so searched with urpmq to see what required lib64tiff6. There was a fairly long list of packages, including Gimp, Gwenview, and ImageMagick. I started with a scan of the cover of the first issue of Plank Road magazine, which happened to feature a watercolor painting of our farm stand from several years ago. It was in Gimp's xcf format, so I loaded it into Gimp, then exported it as PlankRoad.tif. Then I converted it again, using ImageMagick from the command line: convert PlankRoad.tif PlankRoad.jpg. Then, I used Gwenview to look at the three images, and compare them. Rendering of the original xcf image wasn't very good, nothing like in Gimp itself, but the other two images looked identical. Finally, I used Gimp to load the original image again, then loaded the other two over it as layers. With the view zoomed in, but not TOO much, I made the layers invisible, one by one, while watching the window. I didn't see any change at all in the three images as I switched from one to the other. I'm calling this OK, and validating.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0077.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED