672510 – VUL-0: libtiff: Buffer overflow in Fax4Decode and Buffer overflow in vec_ycc_rgb_convert/JPEGDecode

Bug 672510 - VUL-0: libtiff: Buffer overflow in Fax4Decode and Buffer overflow in vec_ycc_rgb_convert/JPEGDecode

Summary: VUL-0: libtiff: Buffer overflow in Fax4Decode and Buffer overflow in vec_ycc_...

Status:	RESOLVED FIXED
Duplicates (1):	682053 (view as bug list)

Alias:	None

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	General (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Deadline:	2011-03-07
Assignee:	Petr Gajdos
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:11.4:39146 maint:relea...
Keywords:

Depends on:	682871
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2011-02-16 13:30 UTC by Thomas Biege
Modified:	2011-05-17 15:20 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
tiff_testcases.zip (70.62 KB, application/x-octet-stream) 2011-02-16 13:54 UTC, Thomas Biege	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Petr Gajdos 2011-02-18 08:40:02 UTC

I have prepared packages:
* sle10sp3 and sle11sp1:  home:pgajdos:branches: projects,
* sles9: /work/src/done/SLES9-SP4,
* openSUSE 11.2, 11.3 and Factory: my local machine.

Please let me know when I should submit them.

Comment 11 Petr Gajdos 2011-03-03 08:56:46 UTC

I have submitted openSUSE packages into home:pgajdos:branches:*.

Comment 14 Petr Gajdos 2011-03-14 14:11:43 UTC

factory: already checked in
11.4: sr#64120
11.3: sr#64122
11.2: sr#64123
11sp1: sr#11184
10sp3: sr#11185
9:     already checked in

Comment 15 Swamp Workflow Management 2011-03-17 10:09:17 UTC

Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.2 (debug, i586, x86_64)
openSUSE 11.3 (debug, i586, x86_64)

Comment 16 Swamp Workflow Management 2011-03-17 10:09:18 UTC

Update released for: libtiff-devel, libtiff3, libtiff3-debuginfo, tiff, tiff-debuginfo, tiff-debugsource
Products:
openSUSE 11.4 (debug, i586, x86_64)

Comment 17 Swamp Workflow Management 2011-03-17 13:03:15 UTC

Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Comment 18 Swamp Workflow Management 2011-03-17 13:13:40 UTC

Update released for: libtiff, tiff
Products:
Novell-Linux-POS 9 (i386)
Open-Enterprise-Server 9 (i386)
SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)

Comment 19 Swamp Workflow Management 2011-03-25 11:30:50 UTC

Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP3 (i386, x86_64)
SLE-SAP-APL 10-SP3 (x86_64)
SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)

Comment 20 Stanislav Brabec 2011-03-29 14:53:13 UTC

Released patches break G3 and G4 decompression. Guessing from the bug pattern, longer strips are only partially read. Could you please inform vendor-sec and senders? See bug 682871 for more.

Comment 21 Ludwig Nussel 2011-03-30 11:27:44 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=678635#c23

Comment 22 Stanislav Brabec 2011-03-31 10:48:54 UTC

Adding Petr to Cc: to get latest news about upstream fix.

Comment 23 Petr Gajdos 2011-03-31 11:56:51 UTC

(In reply to comment #22)
> Adding Petr to Cc: to get latest news about upstream fix.

The fix should be incorporated in new packages in my home: branch, please see 
https://bugzilla.novell.com/show_bug.cgi?id=682871#c6

Comment 24 Leonardo Chiquitto 2011-04-19 10:53:28 UTC

*** Bug 682053 has been marked as a duplicate of this bug. ***

Comment 25 Swamp Workflow Management 2011-05-10 12:07:14 UTC

Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

Comment 26 Marcus Meissner 2011-05-17 14:25:32 UTC

the crashing issue was resolved, incremental updates released.