[OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963

Andre McCurdy armccurdy at gmail.com
Thu Jul 12 16:56:41 UTC 2018 

On Thu, Jul 12, 2018 at 9:40 AM, Burton, Ross <ross.burton at intel.com> wrote:
> Please.
>
> Ross
>
> On 12 July 2018 at 17:29, Slater, Joseph <joe.slater at windriver.com> wrote:
>> Should this be resubmitted?  I could always remove the comment about 4.0.8.    Joe
>> ________________________________________
>> From: Slater, Joseph
>> Sent: Tuesday, July 10, 2018 4:56 PM
>> To: akuster808; openembedded-core at lists.openembedded.org
>> Subject: RE: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>>
>> Yes, it is not clear.  What it means is that the patch was applied to 4.0.8 code, but not, I think, 4.0.8 code as seen on openembedded-core before 4.0.8 was obsolete.  It still applies for 4.0.9.
>>
>> Joe
>>
>> -----Original Message-----
>> From: akuster808 [mailto:akuster808 at gmail.com]
>> Sent: Tuesday, July 10, 2018 4:48 PM
>> To: Slater, Joseph; openembedded-core at lists.openembedded.org
>> Subject: Re: [OE-core] [oe-core][PATCH 1/1] tiff: security fix CVE-2018-10963
>>
>> On 07/10/2018 04:03 PM, Joe Slater wrote:
>>> Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
>>>
>>> Signed-off-by: Joe Slater <joe.slater at windriver.com>
>>> ---
>>>  .../libtiff/files/CVE-2018-10963.patch             | 41 ++++++++++++++++++++++
>>>  meta/recipes-multimedia/libtiff/tiff_4.0.9.bb      |  1 +
>>>  2 files changed, 42 insertions(+)
>>>  create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>>
>>> diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>> new file mode 100644
>>> index 0000000..13a1eb5
>>> --- /dev/null
>>> +++ b/meta/recipes-multimedia/libtiff/files/CVE-2018-10963.patch
>>> @@ -0,0 +1,41 @@
>>> +From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001
>>> +From: Even Rouault <even.rouault at spatialys.com>
>>> +Date: Sat, 12 May 2018 14:24:15 +0200
>>> +Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes
>>> + http://bugzilla.maptools.org/show_bug.cgi?id=2795.
>>> + CVE-2018-10963
>>> +
>>> +---
>>> +CVE: CVE-2018-10963
>>> +
>>> +Same patch as applied to 4.0.8.
>> I don't know what that means. The fix is in 4.0.8 or this patch applies
>> cleanly to 4.0.8 or affects < 4.0.8.
>> - armin
>>
>>> +
>>> +Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...]

This link seems to have got corrupted somehow. It would be good to fix that too.

>>> +
>>> +Signed-off-by: Joe Slater <joe.slater at windriver.com>
>>> +
>>> +---
>>> + libtiff/tif_dirwrite.c |    7 +++++--
>>> + 1 file changed, 5 insertions(+), 2 deletions(-)
>>> +
>>> +diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
>>> +index 2430de6..c15a28d 100644
>>> +--- a/libtiff/tif_dirwrite.c
>>> ++++ b/libtiff/tif_dirwrite.c
>>> +@@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
>>> +                                                             }
>>> +                                                             break;
>>> +                                                     default:
>>> +-                                                            assert(0);   /* we should never get here */
>>> +-                                                            break;
>>> ++                                                            TIFFErrorExt(tif->tif_clientdata,module,
>>> ++                                                                        "Cannot write tag %d (%s)",
>>> ++                                                                        TIFFFieldTag(o),
>>> ++                                                                            o->field_name ? o->field_name : "unknown");
>>> ++                                                            goto bad;
>>> +                                             }
>>> +                                     }
>>> +                             }
>>> +--
>>> +1.7.9.5
>>> +
>>> diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>>> index 8c3bba5..e8e2a11 100644
>>> --- a/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>>> +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.9.bb
>>> @@ -9,6 +9,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
>>>             file://CVE-2017-9935.patch \
>>>             file://CVE-2017-18013.patch \
>>>             file://CVE-2018-5784.patch \
>>> +           file://CVE-2018-10963.patch \
>>>            "
>>>
>>>  SRC_URI[md5sum] = "54bad211279cc93eb4fca31ba9bfdc79"
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

More information about the Openembedded-core mailing list