Bug 9001

Summary: libtiff security vulnerabilities (CVE-2019-6128 CVE-2018-8905) CVE-2019-7663
Product: [ROSA-based products] ROSA Fresh Reporter: Zombie Ryushu <zombie.ryushu>
Component: Preinstalled software in the ISOAssignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: alzim, andrey.bondrov, denis.silakov, mc2374, v.potapov
Version: AllFlags: v.potapov: qa_verified+
v.potapov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://advisories.mageia.org/MGASA-2018-0246.html
Whiteboard:
Platform: --- ROSA Vulnerability identifier: CVE-2018-8905
RPM Package: libtiff ISO-related:
Bad POT generating: Upstream:

Description Zombie Ryushu 2018-05-18 19:36:49 MSK 
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
through 4.0.9 allows remote attackers to cause a denial of service
(assertion failure and application crash) via a crafted file, a
different vulnerability than CVE-2017-13726. (CVE-2018-10963)

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function
LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated
by tiff2ps. (CVE-2018-8905)
Comment 1 Zombie Ryushu 2019-02-20 23:07:43 MSK 
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak,
as demonstrated by pal2rgb. (CVE-2019-6128)
Comment 2 Zombie Ryushu 2019-02-26 00:06:23 MSK 
An Invalid Address dereference was discovered in
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF
4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c.
Remote attackers could leverage this vulnerability to cause a
denial-of-service via a crafted tiff file. This is different from
CVE-2018-12900. (CVE-2019-7663)

The invertImage() function in tiffcrop.c:9206 allows remote attackers to
cause a denial of service (heap buffer overflow) via invert color space.
Comment 3 Алзим 2019-02-26 00:46:50 MSK 
 - update to latest git snapshot
 - add patches for CVE-2018-12900 and CVE-2018-19210

libtiff-4.0.10-1.git20190226.1
https://abf.io/build_lists/2963335
https://abf.io/build_lists/2963336
Comment 4 Vladimir Potapov 2019-02-28 07:49:17 MSK 
The update is sent to expanded testing
**************************************
Comment 5 Vladimir Potapov 2019-03-13 22:59:02 MSK 
libtiff-4.0.10-1.git20190226.1
https://abf.io/build_lists/2963335
https://abf.io/build_lists/2963336
**************************** Advisory ************************
 update to latest git snapshot
 - add patches for CVE-2018-12900 and CVE-2018-19210
***************************************************************
QA Verified