Bug 672510

Summary: VUL-0: libtiff: Buffer overflow in Fax4Decode and Buffer overflow in vec_ycc_rgb_convert/JPEGDecode
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Biege <thomas>
Component: General
Assignee: Petr Gajdos <pgajdos>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: meissner, pgajdos, regis, sbrabec, security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: maint:released:11.4:39146 maint:released:sle11-sp1:38998 maint:released:sles9:38999 maint:released:sle10-sp3:39000 maint:released:sle10-sp4:40262
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 682871    
Bug Blocks:    
Deadline: 2011-03-07   
Attachments: tiff_testcases.zip

Comment 3 Petr Gajdos 2011-02-18 08:40:02 UTC
I have prepared packages:
* sle10sp3 and sle11sp1:  home:pgajdos:branches: projects,
* sles9: /work/src/done/SLES9-SP4,
* openSUSE 11.2, 11.3 and Factory: my local machine.

Please let me know when I should submit them.
Comment 11 Petr Gajdos 2011-03-03 08:56:46 UTC
I have submitted openSUSE packages into home:pgajdos:branches:*.
Comment 14 Petr Gajdos 2011-03-14 14:11:43 UTC
factory: already checked in
11.4: sr#64120
11.3: sr#64122
11.2: sr#64123
11sp1: sr#11184
10sp3: sr#11185
9:     already checked in
Comment 15 Swamp Workflow Management 2011-03-17 10:09:17 UTC
Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)
Comment 16 Swamp Workflow Management 2011-03-17 10:09:18 UTC
Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.4 (debug, i586, x86_64)
Comment 17 Swamp Workflow Management 2011-03-17 13:03:15 UTC
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)
Comment 18 Swamp Workflow Management 2011-03-17 13:13:40 UTC
Update released for: libtiff, tiff
Products:
Novell-Linux-POS 9 (i386)
Open-Enterprise-Server 9 (i386)
SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Comment 19 Swamp Workflow Management 2011-03-25 11:30:50 UTC
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Comment 20 Stanislav Brabec 2011-03-29 14:53:13 UTC
Released patches break G3 and G4 decompression. Guessing from the bug pattern, longer strips are only partially read. Could you please inform vendor-sec and senders? See bug 682871 for more.
Comment 22 Stanislav Brabec 2011-03-31 10:48:54 UTC
Adding Petr to Cc: to get latest news about upstream fix.
Comment 23 Petr Gajdos 2011-03-31 11:56:51 UTC
(In reply to comment #22)
> Adding Petr to Cc: to get latest news about upstream fix.

The fix should be incorporated in new packages in my home: branch, please see 
https://bugzilla.novell.com/show_bug.cgi?id=682871#c6
Comment 24 Leonardo Chiquitto 2011-04-19 10:53:28 UTC
*** Bug 682053 has been marked as a duplicate of this bug. ***
Comment 25 Swamp Workflow Management 2011-05-10 12:07:14 UTC
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 26 Marcus Meissner 2011-05-17 14:25:32 UTC
The crashing issue was resolved, incremental updates released.