Bug 14110

Summary:	[CVE21] libtiff 4.1.0 CVEs - 2
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Preinstalled software in the ISO	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi, s.matveev
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	2021.1 Fresh R12
Hardware:	All
OS:	Linux
Whiteboard:
Platform:	2021.1	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-05 17:43:33 MSK

https://nvd.nist.gov/vuln/detail/CVE-2023-3576 Base Score: 5.5 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2023-2731 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-3316 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-2908 exlpoit!
https://nvd.nist.gov/vuln/detail/CVE-2023-41175 Base Score: 6.5 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-2953 Base Score: 5.5 MEDIUM
https://nvd.nist.gov/vuln/detail/CVE-2022-4645 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0797 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0798 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0795 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0796 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0799 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-3597 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-3627 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-3626 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-3598 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0801 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0800 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0803 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0804 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-0802 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2023-26965 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-3570 exploit!
https://nvd.nist.gov/vuln/detail/CVE-2022-48281 exploit!

Comment 1 Svyatoslav Matveev 2023-12-06 21:57:15 MSK

********** QA ADVISORY **********

CVE-2023-2731 не затрагивает ,нет кода для исправления

Исправлено наложением патчей.

*** libtiff
**  4.1.0 release +1

https://abf.io/build_lists/4858343
https://abf.io/build_lists/4858344
https://abf.io/build_lists/4858345
https://abf.io/build_lists/4858346
https://abf.io/build_lists/4858347

Comment 2 Dmitry Postnikov 2023-12-07 18:00:48 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-14 11:25:38 MSK

ага, в дебиане говорят 
https://security-tracker.debian.org/tracker/CVE-2023-2731
not affected

Comment 4 Vladimir Potapov 2023-12-14 11:28:22 MSK

libtiff-4.1.0-6
https://abf.io/build_lists/4858343
https://abf.io/build_lists/4858344
https://abf.io/build_lists/4858345
https://abf.io/build_lists/4858346
https://abf.io/build_lists/4858347
************************** Advisory **********************
CVEs closed by patches
**********************************************************
QA Verified