9970 – libtiff new security issues CVE-2013-1960 and CVE-2013-1961

Bug 9970 - libtiff new security issues CVE-2013-1960 and CVE-2013-1961

Summary: libtiff new security issues CVE-2013-1960 and CVE-2013-1961

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	2
Hardware:	i586 Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	has_procedure mga2-64-ok mga2-32-ok
Keywords:	validated_update

Duplicates (1):	10689 (view as bug list)
Depends on:
Blocks:

Reported:	2013-05-03 18:55 CEST by David Walser
Modified:	2013-07-04 17:33 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	libtiff-4.0.1-2.5.mga2.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-05-03 18:55:29 CEST

Two security issues in libtiff have been assigned CVEs:
http://openwall.com/lists/oss-security/2013/05/02/4

Patched packages uploaded for Mageia 2 and Cauldron.

Patches added in Mageia 1 SVN.

Advisory:
========================

Updated libtiff packages fix security vulnerabilities:

A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, in
the tp_process_jpeg_strip() function. A remote attacker could provide a
specially-crafted TIFF image format file, that when processed by tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code
execution with the privileges of the user running the tiff2pdf binary
(CVE-2013-1960).

A stack-based buffer overflow was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file, when
malformed image-length and resolution values are used in the TIFF file. A
remote attacker could provide a specially-crafted TIFF image format file,
that when processed by tiff2pdf would lead to tiff2pdf executable crash
(CVE-2013-1961).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
https://bugzilla.redhat.com/show_bug.cgi?id=952158
https://bugzilla.redhat.com/show_bug.cgi?id=952131
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.6.mga2
libtiff5-4.0.1-2.6.mga2
libtiff-devel-4.0.1-2.6.mga2
libtiff-static-devel-4.0.1-2.6.mga2

from libtiff-4.0.1-2.6.mga2.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 claire robinson 2013-05-07 10:15:58 CEST

Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2013-05-07 10:58:33 CEST

Testing complete mga2 32 & 64

Validating

Advisory and srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure mga2-64-ok mga2-32-ok
CC: (none) => sysadmin-bugs

Comment 3 Thomas Backlund 2013-05-09 12:41:33 CEST

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0142

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 4 David Walser 2013-07-04 17:33:58 CEST

*** Bug 10689 has been marked as a duplicate of this bug. ***

CC: (none) => oe

Note You need to log in before you can comment on or make changes to this bug.