Red Hat Bugzilla – Full Text Bug Listing
|Summary:||CVE-2010-2067 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow|
|Product:||[Other] Security Response||Reporter:||Tomas Hoger <thoger>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||jrusnack, rcvalle, security-response-team, tgl|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2010-07-07 05:22:52 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||606708|
Description Tomas Hoger 2010-06-03 10:26:15 EDT
iDefense reported to us a libtiff flaw discovered by Dan Rosenberg. Quoting description from iDefense advisory draft: Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. ... This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution.
Comment 1 Tomas Hoger 2010-06-03 10:27:11 EDT
Created attachment 419396 [details] Patch from Frank Warmerdam (libtiff upstream)
Comment 4 Tomas Hoger 2010-06-08 03:22:29 EDT
Created attachment 422072 [details] Unified context diff Same thing as patch in comment #1, just with some extra context for future reference.
Comment 6 Tomas Hoger 2010-06-08 03:26:25 EDT
Statement: Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Comment 10 Tomas Hoger 2010-06-16 08:31:41 EDT
(In reply to comment #1) > Created an attachment (id=419396) [details] > Patch from Frank Warmerdam (libtiff upstream) This patch is included in upstream version 3.9.4, libtiff/tif_dirread.c r126.96.36.199. http://www.remotesensing.org/libtiff/v3.9.4.html http://bugzilla.maptools.org/show_bug.cgi?id=2212
Comment 11 Tomas Hoger 2010-06-22 03:01:41 EDT
Public now via Ubuntu USN-954-1: http://www.ubuntu.com/usn/usn-954-1
Comment 13 Fedora Update System 2010-06-23 10:09:36 EDT
libtiff-3.9.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc12
Comment 14 Fedora Update System 2010-06-23 10:11:00 EDT
libtiff-3.9.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc13
Comment 15 Fedora Update System 2010-07-01 14:42:47 EDT
libtiff-3.9.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
Comment 16 Fedora Update System 2010-07-05 18:00:26 EDT
libtiff-3.9.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.