Bug 9970 - libtiff new security issues CVE-2013-1960 and CVE-2013-1961
: libtiff new security issues CVE-2013-1960 and CVE-2013-1961
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: major
: ---
Assigned To: QA Team
: Sec team
:
: has_procedure mga2-64-ok mga2-32-ok
: validated_update
:
:
  Show dependency treegraph
 
Reported: 2013-05-03 18:55 CEST by David Walser
Modified: 2013-07-04 17:33 CEST (History)
3 users (show)

See Also:
Source RPM: libtiff-4.0.1-2.5.mga2.src.rpm
CVE:


Attachments

Description David Walser 2013-05-03 18:55:29 CEST
Two security issues in libtiff have been assigned CVEs:
http://openwall.com/lists/oss-security/2013/05/02/4

Patched packages uploaded for Mageia 2 and Cauldron.

Patches added in Mageia 1 SVN.

Advisory:
========================

Updated libtiff packages fix security vulnerabilities:

A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, in
the tp_process_jpeg_strip() function. A remote attacker could provide a
specially-crafted TIFF image format file, that when processed by tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code
execution with the privileges of the user running the tiff2pdf binary
(CVE-2013-1960).

A stack-based buffer overflow was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, when
malformed image-length and resolution values are used in the TIFF file. A
remote attacker could provide a specially-crafted TIFF image format file,
that when processed by tiff2pdf would lead to tiff2pdf executable crash
(CVE-2013-1961).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
https://bugzilla.redhat.com/show_bug.cgi?id=952158
https://bugzilla.redhat.com/show_bug.cgi?id=952131
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.6.mga2
libtiff5-4.0.1-2.6.mga2
libtiff-devel-4.0.1-2.6.mga2
libtiff-static-devel-4.0.1-2.6.mga2

from libtiff-4.0.1-2.6.mga2.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-05-07 10:15:58 CEST
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff
Comment 2 claire robinson 2013-05-07 10:58:33 CEST
Testing complete mga2 32 & 64

Validating

Advisory and srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 3 Thomas Backlund 2013-05-09 12:41:33 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0142
Comment 4 David Walser 2013-07-04 17:33:58 CEST
*** Bug 10689 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.