RedHat has issued an advisory today (July 3):
https://rhn.redhat.com/errata/RHSA-2012-1054.html

Updated package (4.0.2) uploaded for Cauldron.

Patched packages uploaded for Mageia 1 and Mageia 2.

Notice that CVE-2012-2088 only affects libtiff 3.x in Mageia 1. I'll split the advisory for Mageia 1 and Mageia 2.

Advisory (Mageia 1):
========================

Updated libtiff packages fix security vulnerabilities:

libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088).

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html
========================

Advisory (Mageia 2):
========================

Updated libtiff packages fix security vulnerability:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-3.9.5-1.4.mga1
libtiff3-3.9.5-1.4.mga1
libtiff-devel-3.9.5-1.4.mga1
libtiff-static-devel-3.9.5-1.4.mga1
libtiff-progs-4.0.1-2.1.mga2
libtiff5-4.0.1-2.1.mga2
libtiff-devel-4.0.1-2.1.mga2
libtiff-static-devel-4.0.1-2.1.mga2

from SRPMS:
libtiff-3.9.5-1.4.mga1.src.rpm
libtiff-4.0.1-2.1.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
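The two flaw classes named in the advisory above (signed/unsigned conversion and integer overflow in a size computation), as an added C illustration that is not libtiff or tiff2pdf code and not part of the original report. The function names, the signed 32-bit input type and the 256 MiB cap are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_STRIP_BYTES ((size_t)256 * 1024 * 1024) /* assumed sanity cap */

/* Unchecked 32-bit size arithmetic: the product wraps modulo 2^32, so a
 * huge image can yield a small allocation size that later writes overrun. */
uint32_t naive_strip_bytes(uint32_t width, uint32_t rows, uint32_t bpp)
{
    return width * rows * bpp;
}

/* Multiply two sizes; returns 0 if the product would wrap. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Hardened form: inputs are signed (hypothetical parser output), so
 * non-positive values are rejected BEFORE any cast to an unsigned type,
 * every multiplication is checked, and the result is capped.
 * Returns 1 and stores the size in *out, or 0 if the input is rejected. */
int safe_strip_bytes(int32_t width, int32_t rows, int32_t bpp, size_t *out)
{
    size_t n;
    if (width <= 0 || rows <= 0 || bpp <= 0)
        return 0;
    if (!checked_mul((size_t)width, (size_t)rows, &n) ||
        !checked_mul(n, (size_t)bpp, &n))
        return 0;
    if (n > MAX_STRIP_BYTES)
        return 0;
    *out = n;
    return 1;
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample dimensions, not taken from any real file. */
    printf("naive 65537x65536x1 -> %u bytes\n",
           (unsigned)naive_strip_bytes(65537u, 65536u, 1u));
    printf("safe  65537x65536x1 -> %s\n",
           safe_strip_bytes(65537, 65536, 1, &n) ? "accepted" : "rejected");
    printf("safe  640x480x3     -> %s\n",
           safe_strip_bytes(640, 480, 3, &n) ? "accepted" : "rejected");
    return 0;
}
```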
Is there a poc for this? A poc is mentioned in the RedHat Bugzilla, but I cannot find it.
CC: (none) => derekjenn
(In reply to comment #1)
> Is there a poc for this? A poc is mentioned in the RedHat Bugzilla, but I
> cannot find it.

Might be one of the ones they're talking about here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668087
libtiff3-3.9.5-1.2.mga1 is also present in Mageia 2. Shouldn't it get updated too?
CC: (none) => davidwhodgins
Ah. Sorry. My Mageia 2 system was an upgrade from Mageia 1, so it still has libtiff3. It isn't in the online repositories. Should it be obsoleted in Mageia 2, or updated like Mageia 1?
(In reply to comment #4)
> Should it be obsoleted in Mageia 2, or updated like Mageia 1?

Nope. Our library policy means you get old libraries left behind on your system when you do distro upgrades. It's supposed to be the system administrator's responsibility to remove them. There are reasons for it, but it is annoying, I'll admit. At least you can do urpmq --not-available to find the ones not in the repository.
Mandriva has issued an advisory for this today (July 4): http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:101
I was unable to simulate any crash using any of the sample tiffs at http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/ so validation had to be restricted to performing sample tiff manipulations with bmp2tiff and tiff2pdf.

Validated on x86_64 mga2
Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK
Validated on i586 mga2
Validated on x86_64 mga1
(still not able to force a crash)
Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK
Validated

Could someone from sysadmin please push libtiff-3.9.5-1.4.mga1.src.rpm from mga1 core/updates/testing to core/updates

Advisory (Mageia 1):
========================

Updated libtiff packages fix security vulnerabilities:

libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088).

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html

----------------------------------------------------------------

And please push libtiff-4.0.1-2.1.mga2.src.rpm from mga2 core/updates/testing to core/updates

Advisory (Mageia 2):
========================

Updated libtiff packages fix security vulnerability:

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially-crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
https://rhn.redhat.com/errata/RHSA-2012-1054.html
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK => MGA1TOO MGA2-64-OK MGA2-32-OK MGA1-64-OK MGA1-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0137
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED