[OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963

Burton, Ross ross.burton at intel.com
Thu Jul 12 16:40:31 UTC 2018


Please.

Ross

On 12 July 2018 at 17:29, Slater, Joseph <joe.slater at windriver.com> wrote:
> Should this be resubmitted? I could always remove the comment about 4.0.8.
>
> Joe
> ________________________________________
> From: Slater, Joseph
> Sent: Tuesday, July 10, 2018 4:56 PM
> To: akuster808; openembedded-core at lists.openembedded.org
> Subject: RE: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>
> Yes, it is not clear.  What it means is that the patch was applied to 4.0.8 code, but not, I think, 4.0.8 code as seen on openembedded-core before 4.0.8 was obsolete.  It still applies for 4.0.9.
>
> Joe
>
> -----Original Message-----
> From: akuster808 [mailto:akuster808 at gmail.com]
> Sent: Tuesday, July 10, 2018 4:48 PM
> To: Slater, Joseph; openembedded-core at lists.openembedded.org
> Subject: Re: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>
>
>
> On 07/10/2018 04:03 PM, Joe Slater wrote:
>> Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
>>
>> Signed-off-by: Joe Slater <joe.slater at windriver.com>
>> ---
>>  .../libtiff/files/CVE-2018-10963.patch             | 41 ++++++++++++++++++++++
>>  meta/recipes-multimedia/libtiff/tiff_4.0.9.bb      |  1 +
>>  2 files changed, 42 insertions(+)
>>  create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>
>> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>> new file mode 100644
>> index 0000000..13a1eb5
>> --- /dev/null
>> +++ b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>> @@ -0,0 +1,41 @@
>> +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
>> +From: Even Rouault <even.rouault at spatialys.com>
>> +Date: Sat, 12 May 2018 14:24:15 +0200
>> +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
>> + http://bugzilla.maptools.org/show_bug.cgi?id=2795.
>> + CVE-2018-10963
>> +
>> +---
>> +CVE: CVE-2018-10963
>> +
>> +Same patch as applied to 4.0.8.
> I don't know what that means. The fix is in 4.0.8 or this patch applies
> cleanly to 4.0.8 or affects < 4.0.8.
> - armin
>
>> +
>> +Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]
>> +
>> +Signed-off-by: Joe Slater <joe.slater at windriver.com>
>> +
>> +---
>> + libtiff/tif_dirwrite.c |    7 +++++--
>> + 1 file changed, 5 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
>> +index 2430de6..c15a28d 100644
>> +--- a/libtiff/tif_dirwrite.c
>> ++++ b/libtiff/tif_dirwrite.c
>> +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
>> +                                                             }
>> +                                                             break;
>> +                                                     default:
>> +-                                                            assert(0);   /* we should never get here */
>> +-                                                            break;
>> ++                                                            TIFFErrorExt(tif->tif_clientdata,module,
>> ++                                                                        "Cannot write tag %d (%s)",
>> ++                                                                        TIFFFieldTag(o),
>> ++                                                                            o->field_name ? o->field_name : "unknown");
>> ++                                                            goto bad;
>> +                                             }
>> +                                     }
>> +                             }
>> +--
>> +1.7.9.5
>> +
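Review bot: the `+Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]` line in the new patch header truncates the commit reference, while the full hash (de144fd228e4be8aa484c3caf3d814b6fa88c6d9) is already present in the `+From` line above it; carry the full commit URL in the bracket so the backport can be checked against upstream. The `+Same patch as applied to 4.0.8.` comment is ambiguous, as already raised in this thread: say whether the upstream commit was made against 4.0.8 sources or whether a 4.0.8 release already contains it, or drop the line, since the `+CVE: CVE-2018-10963` tag is what cve-check reads and the Upstream-Status line records provenance. The code change itself, replacing `assert(0)` in the `default:` arm with a `TIFFErrorExt` report and `goto bad`, is the right shape for turning a process abort on an unexpected tag type into a failed directory write; it depends on `module` and a `bad:` label existing in TIFFWriteDirectorySec, neither of which is visible in this hunk's context, so confirm the backport compiles against the 4.0.9 sources it is being applied to.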
>> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>> index 8c3bba5..e8e2a11 100644
>> --- a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>> +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>> @@ -9,6 +9,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
>>             file://CVE-2017-9935.patch \
>>             file://CVE-2017-18013.patch \
>>             file://CVE-2018-5784.patch \
>> +           file://CVE-2018-10963.patch \
>>            "
>>
>>  SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
