[OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963

akuster808 akuster808 at gmail.com
Tue Jul 10 23:48:11 UTC 2018 


On 07/10/2018 04:03 PM, Joe Slater wrote:
> Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
>
> Signed-off-by: Joe Slater <joe.slater at windriver.com>
> ---
>  .../libtiff/files/CVE-2018-10963.patch             | 41 ++++++++++++++++++++++
>  meta/recipes-multimedia/libtiff/tiff_4.0.9.bb      |  1 +
>  2 files changed, 42 insertions(+)
>  create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>
> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
> new file mode 100644
> index 0000000..13a1eb5
> --- /dev/null
> +++ b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
> @@ -0,0 +1,41 @@
> +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
> +From: Even Rouault <even.rouault at spatialys.com>
> +Date: Sat, 12 May 2018 14:24:15 +0200
> +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
> + http://bugzilla.maptools.org/show_bug.cgi?id=2795.
> + CVE-2018-10963
> +
> +---
> +CVE: CVE-2018-10963
> +
> +Same patch as applied to 4.0.8.
I don't know what that means. The fix is in 4.0.8 or this patch applies
cleanly to 4.0.8 or affects < 4.0.8.
- armin

> +
> +Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
> +
> +Signed-off-by: Joe Slater <joe.slater at windriver.com>
> +
> +---
> + libtiff/tif_dirwrite.c |    7 +++++--
> + 1 file changed, 5 insertions(+), 2 deletions(-)
> +
> +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
> +index 2430de6..c15a28d 100644
> +--- a/libtiff/tif_dirwrite.c
> ++++ b/libtiff/tif_dirwrite.c
> +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
> + 								}
> + 								break;
> + 							default:
> +-								assert(0);   /* we should never get here */
> +-								break;
> ++								TIFFErrorExt(tif->tif_clientdata,module,
> ++								            "Cannot write tag %d (%s)",
> ++								            TIFFFieldTag(o),
> ++                                                                            o->field_name ? o->field_name : "unknown");
> ++								goto bad;
> + 						}
> + 					}
> + 				}
> +-- 
> +1.7.9.5
> +
> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> index 8c3bba5..e8e2a11 100644
> --- a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> @@ -9,6 +9,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
>             file://CVE-2017-9935.patch \
>             file://CVE-2017-18013.patch \
>             file://CVE-2018-5784.patch \
> +           file://CVE-2018-10963.patch \
>            "
>  
>  SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"

More information about the Openembedded-core mailing list