| Summary: | <media-libs/tiff-4.0.3-r4: Multiple vulnerabilities (CVE-2013-{4231,4232}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | graphics+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2013/08/08/6 | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
in tree: +*tiff-4.0.3-r4 (23 Aug 2013) +*tiff-4.0.3-r5 (23 Aug 2013) + + 23 Aug 2013; Samuli Suominen <ssuominen@gentoo.org> + +files/tiff-4.0.3-CVE-2013-4231.patch, +files/tiff-4.0.3-CVE-2013-4232.patch, + +tiff-4.0.3-r4.ebuild, +tiff-4.0.3-r5.ebuild: + Fix for CVE-2013-4231 (and CVE-2013-4232) from upstream. See security bug + #480466. The -r4 is for stabilization without multilib-minimal.eclass usage. Arch's, please test and stabilize: =media-libs/tiff-4.0.3-r4 alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 Stable for HPPA. amd64 stable x86 stable ppc64 stable arm stable ppc stable alpha stable ia64 stable s390 stable sh stable sparc stable Thanks for your work GLSA request filed CVE-2013-4232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4232): Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted TIFF image. M68K is not anymore a stable arch, removing it from the cc list CVE-2013-4231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4231): Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. This issue was resolved and addressed in GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml by GLSA coordinator Chris Reffett (creffett). |
From ${URL} : Pedro Ribeiro has recently reported the following five security flaws being present in the tools of TIFF library: [1] http://www.asmail.be/msg0055359936.html While they are present in the tools (=> not that urgent like they would be in the library itself), there's been CVE ids assigned in the past for TIFF library tools issues too. To mention some examples: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401 Since there doesn't seem to be CVE identifiers assigned for these [1] issues yet, could you allocate them? FWIW regarding the patches and upstream bugs - if my information is up2date, there aren't upstream bugs and patches for these issues yet. @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.