Bug#: 75213
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Bug 75213 depends on: 75423
Description:   Opened: 2004-12-21 10:42 0000
Two iDEFENSE advisories should go out soon:

- libtiff STRIPOFFSETS Integer Overflow Vulnerability
- LibTIFF Directory Entry Count Integer Overflow Vulnerability

Both are fixed in upstream release 3.7.1

nerdboy: This is still semi-public, so please don't talk about it (should be public in a few hours) but please submit a new 3.7.1 ebuild silently referencing this bug.

------- Comment #1 From Thierry Carrez (RETIRED) 2004-12-21 11:04:05 0000 -------
Note to self, this might also affect:

- PDFLib (includes modified libtiff)
- kfax (includes libtiff code)
- xv (might need to be rebuilt with a new libtiff.a)

------- Comment #2 From Steve Arnold 2004-12-21 14:41:02 0000 -------
Okay, new ebuild going in portage now.  Should I remove the old ones and mark
the new 3.7.1 version stable on all arches?  I'm about to commit it as ~arch,
and I'll be right back after I go turn the grades in...

------- Comment #3 From Luke Macken (RETIRED) 2004-12-21 14:51:25 0000 -------
This issue is now public

     http://www.idefense.com/application/poi/display?id=174

arches, please mark stable.

------- Comment #4 From Mike Doty 2004-12-21 16:55:22 0000 -------
stable on amd64

------- Comment #5 From Gustavo Zacarias (RETIRED) 2004-12-22 05:01:10 0000 -------
sparc stable.

------- Comment #6 From Thierry Carrez (RETIRED) 2004-12-22 07:28:11 0000 -------
Hmm I think we'll hold on this one a little.

Apparently the 'libtiff STRIPOFFSETS Integer' is a subset of CAN-2004-0886 that has already been fixed by GLSA 200410-11.

The other one would not be exploitable except for a crash. However there is another one coming.

Removing arches for the time being, as we probably will commit a -r1 with a patch.

------- Comment #7 From Steve Arnold 2004-12-22 11:12:18 0000 -------
I'm not sure how to link these in bugzilla, but this bug 75316 seems to have
been introduced with the new 3.7.1 release.  I'm still researching it, so
that's all I know so far.

------- Comment #8 From Thierry Carrez (RETIRED) 2004-12-23 02:49:06 0000 -------
Test image for the "LibTIFF Directory Entry Count Integer Overflow" Vulnerability
ftp://ftp.altlinux.org/pvt/people/ldv/1x1.tiff

------- Comment #9 From Thierry Carrez (RETIRED) 2004-12-27 09:10:23 0000 -------
LibTIFF Directory Entry Count Integer Overflow Vulnerability is CAN-2004-1308,
see DSA 617-1.

If work doesn't progress on the other libtiff-related vuln, we'll probably go
on and release an updated tiff with only this one. Steve, you might prefer us
to wait so that you get time to sort out bug 75316 before we start asking
arches to test again. Keep us posted.

------- Comment #10 From Thierry Carrez (RETIRED) 2005-01-01 11:31:52 0000 -------
No progress on the other security issue, better unblocking this one.

Calling back arches to test and mark stable. Please pay special attention to possible transparency issues to see if you reproduce bug 75316.

------- Comment #11 From Steve Arnold 2005-01-01 20:36:09 0000 -------
The transparency bug has bitten at least two windowmaker users (confirmed via 
independent tools) so if you can, it might be better to wait and get it all 
sorted out at once.  I'm not sure if transparent faxes are a big deal, but 
there are probably other applications with a bigger need for transparency 
than security is a risk.  Or we can do it piece-meal...

------- Comment #12 From Markus Rothe 2005-01-02 06:44:39 0000 -------
stable on ppc64

------- Comment #13 From Bryan Østergaard (RETIRED) 2005-01-02 08:00:21 0000 -------
Stable on alpha.

------- Comment #14 From Steve Arnold 2005-01-02 18:21:04 0000 -------
Fixes for both 75316 and 75423 are in -r1.  I guess everyone gets to test and 
mark stable as you can.  Thanks in advance.

------- Comment #15 From Thierry Carrez (RETIRED) 2005-01-03 00:29:28 0000 -------
Arches: please test and mark 3.7.1-r1 stable. It's just 3.7.1 + a bugfix on the
transparency issue and a fix on the tiffdump utility.

------- Comment #16 From Markus Rothe 2005-01-03 00:52:49 0000 -------
stable on ppc64

------- Comment #17 From Joe Jezak 2005-01-03 05:08:36 0000 -------
Tested and marked ppc stable.

------- Comment #18 From Gustavo Zacarias (RETIRED) 2005-01-03 06:33:33 0000 -------
sparc stable.

------- Comment #19 From Olivier Crete 2005-01-03 21:26:30 0000 -------
x86 there

------- Comment #20 From Hardave Riar (RETIRED) 2005-01-04 01:03:36 0000 -------
Stable on mips.

------- Comment #21 From Bryan Østergaard (RETIRED) 2005-01-04 02:34:05 0000 -------
Stable on alpha.

------- Comment #22 From Jeremy Huddleston (RETIRED) 2005-01-04 04:47:58 0000 -------
stable amd64.

------- Comment #23 From Lina Pezzella (RETIRED) 2005-01-04 18:12:28 0000 -------
Stable ppc-macos.

------- Comment #24 From Thierry Carrez (RETIRED) 2005-01-05 14:08:42 0000 -------
GLSA 200501-06
arm hppa ia64 s390: please remember to mark stable to benefit from GLSA.
