Bug 592361 (CVE-2010-1411)
| Summary: | CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> | ||||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | unspecified | CC: | erik-fedora, ploujj, security-response-team, tao, tgl | ||||||
| Target Milestone: | --- | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-07-08 16:01:12 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 602549, 602550, 602551, 602552, 602553, 606708, 809170 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Vincent Danen
2010-05-14 16:08:40 UTC
Created attachment 422795 [details]
Upstream patch
These changes were committed in upstream CVS to address this flaw.
Created attachment 423158 [details]
Updated upstream patch
Extra check in TIFFSafeMultiply to avoid divide by zero, not really needed currently as the patch only uses non-zero multiplier.
Opening this bug, it's public now via new upstream release 3.9.3: http://www.remotesensing.org/libtiff/v3.9.3.html http://secunia.com/advisories/40181 http://www.vupen.com/english/advisories/2010/1435 http://support.apple.com/kb/HT4196 libtiff-3.8.2-15.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/libtiff-3.8.2-15.fc11 libtiff-3.9.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc12 libtiff-3.9.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc13 libtiff-3.8.2-15.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. Adding mingw32-libtiff owners. mingw32-libtiff-3.9.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/mingw32-libtiff-3.9.4-1.fc13 mingw32-libtiff-3.9.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/mingw32-libtiff-3.9.4-1.fc12 libtiff-3.9.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. libtiff-3.9.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. mingw32-libtiff-3.9.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. mingw32-libtiff-3.9.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0519 https://rhn.redhat.com/errata/RHSA-2010-0519.html This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2010:0520 https://rhn.redhat.com/errata/RHSA-2010-0520.html |