[OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963

Slater, Joseph joe.slater at windriver.com
Thu Jul 12 16:29:26 UTC 2018


Should this be resubmitted?  I could always remove the comment about 4.0.8.    Joe
________________________________________
From: Slater, Joseph
Sent: Tuesday, July 10, 2018 4:56 PM
To: akuster808; openembedded-core at lists.openembedded.org
Subject: RE: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963

Yes, it is not clear.  What it means is that the patch was applied to 4.0.8 code, but not, I think, 4.0.8 code as seen on openembedded-core before 4.0.8 was obsolete.  It still applies for 4.0.9.

Joe

-----Original Message-----
From: akuster808 [mailto:akuster808 at gmail.com]
Sent: Tuesday, July 10, 2018 4:48 PM
To: Slater, Joseph; openembedded-core at lists.openembedded.org
Subject: Re: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963



On 07/10/2018 04:03 PM, Joe Slater wrote:
> Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
>
> Signed-off-by: Joe Slater <joe.slater at windriver.com>
> ---
>  .../libtiff/files/CVE-2018-10963.patch             | 41 ++++++++++++++++++++++
>  meta/recipes-multimedia/libtiff/tiff_4.0.9.bb      |  1 +
>  2 files changed, 42 insertions(+)
>  create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>
> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
> new file mode 100644
> index 0000000..13a1eb5
> --- /dev/null
> +++ b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
> @@ -0,0 +1,41 @@
> +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
> +From: Even Rouault <even.rouault at spatialys.com>
> +Date: Sat, 12 May 2018 14:24:15 +0200
> +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
> + http://bugzilla.maptools.org/show_bug.cgi?id=2795.
> + CVE-2018-10963
> +
> +---
> +CVE: CVE-2018-10963
> +
> +Same patch as applied to 4.0.8.
I don't know what that means. The fix is in 4.0.8 or this patch applies
cleanly to 4.0.8 or affects < 4.0.8.
- armin

> +
> +Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
> +
> +Signed-off-by: Joe Slater <joe.slater at windriver.com>
> +
> +---
> + libtiff/tif_dirwrite.c |    7 +++++--
> + 1 file changed, 5 insertions(+), 2 deletions(-)
> +
> +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
> +index 2430de6..c15a28d 100644
> +--- a/libtiff/tif_dirwrite.c
> ++++ b/libtiff/tif_dirwrite.c
> +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
> +                                                             }
> +                                                             break;
> +                                                     default:
> +-                                                            assert(0);   /* we should never get here */
> +-                                                            break;
> ++                                                            TIFFErrorExt(tif->tif_clientdata,module,
> ++                                                                        "Cannot write tag %d (%s)",
> ++                                                                        TIFFFieldTag(o),
> ++                                                                            o->field_name ? o->field_name : "unknown");
> ++                                                            goto bad;
> +                                             }
> +                                     }
> +                             }
> +--
> +1.7.9.5
> +
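Review bot: The Upstream-Status line in the embedded patch header abbreviates the commit reference as "gitlab.com/libtiff/libtiff/commit/de144f...", although the full hash is already on the "From de144fd2..." line at the top of the same file; spell out the complete commit URL so the backport can be traced without guessing. The header line "Same patch as applied to 4.0.8." does not say whether the fix ships in 4.0.8 or only that the patch applies to that code, so either drop it or state which is meant. In the tif_dirwrite.c change, the replacement for assert(0) reports the tag and jumps to "bad", which removes the abort path; the continuation line carrying o->field_name is indented deeper than the other TIFFErrorExt arguments and is worth aligning unless it is kept verbatim from upstream.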
> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> index 8c3bba5..e8e2a11 100644
> --- a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
> @@ -9,6 +9,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
>             file://CVE-2017-9935.patch \
>             file://CVE-2017-18013.patch \
>             file://CVE-2018-5784.patch \
> +           file://CVE-2018-10963.patch \
>            "
>
>  SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"



