CrOS: Vulnerability reported in media-libs/tiff
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: media-libs/tiff
Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.6]

Advisory: CVE-2016-9448
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9448
CVSS severity score: 5/10.0
Confidence: high
Description: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
,
Feb 8 2017
Oh man I don't even know where we might use libtiff (outside of Chrome's PDFium). Will check.
,
Feb 8 2017
,
Feb 9 2017
Issue 690404 has been merged into this issue.
,
Feb 10 2017
Issue 690858 has been merged into this issue.
,
Feb 23 2017
jorgelo: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 27 2017
Current status: no progress.
,
Mar 10 2017
Issue 699951 has been merged into this issue.
,
Mar 14 2017
jorgelo: Uh oh! This issue is still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 14 2017
According to https://packages.gentoo.org/packages/media-libs/tiff, 4.0.7 is available on Gentoo, but I don't seem to be able to update to it using cros_portage_upgrade. Mike, any ideas? Feel free to reassign to me if this is actually possible with cros_portage_upgrade.
,
Mar 14 2017
it's due to EAPI=6. cros_portage_upgrade won't help atm :/.
,
Mar 14 2017
Alternatively, if I can follow instructions somewhere even without cros_portage_update, feel free to reassign to me too.
,
Mar 17 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/279cce86370f3172495df330d796b69ba0504194

commit 279cce86370f3172495df330d796b69ba0504194
Author: Mike Frysinger <vapier@chromium.org>
Date: Fri Mar 17 03:30:48 2017

tiff: version bump to 4.0.7

BUG= chromium:689931
TEST=precq passes

Change-Id: Ia227380eea0ca16ec23aee9c195f4519949607b9
Reviewed-on: https://chromium-review.googlesource.com/455156
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/279cce86370f3172495df330d796b69ba0504194/media-libs/tiff/Manifest
[rename] https://crrev.com/279cce86370f3172495df330d796b69ba0504194/media-libs/tiff/tiff-4.0.7.ebuild
[delete] https://crrev.com/58ff61cf02b45842663b60722cea782c27af18db/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
,
Mar 17 2017
looks like the only exposure we have w/tiff in CrOS is via sane-backends as part of the lorgnette backend

cherry picking back to R58 should be easy, and the ChangeLog for 4.0.6->4.0.7 doesn't look too bad.

back to R57 might be more work as that's using tiff-4.0.3, but maybe we want to upgrade that to 4.0.7 too ?
,
Mar 17 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 18 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 18 2017
,
Mar 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/098a6c21ba556a65aa978866a636b2cb903cf8f7

commit 098a6c21ba556a65aa978866a636b2cb903cf8f7
Author: Mike Frysinger <vapier@chromium.org>
Date: Mon Mar 20 01:28:59 2017

tiff: version bump to 4.0.7

BUG= chromium:689931
TEST=precq passes

Change-Id: Ia227380eea0ca16ec23aee9c195f4519949607b9
Reviewed-on: https://chromium-review.googlesource.com/455156
(cherry picked from commit 279cce86370f3172495df330d796b69ba0504194)
Reviewed-on: https://chromium-review.googlesource.com/456680
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[modify] https://crrev.com/098a6c21ba556a65aa978866a636b2cb903cf8f7/media-libs/tiff/Manifest
[rename] https://crrev.com/098a6c21ba556a65aa978866a636b2cb903cf8f7/media-libs/tiff/tiff-4.0.7.ebuild
[delete] https://crrev.com/c311cbc3ddddbba30f8f66ee4de4968042698a1e/media-libs/tiff/files/tiff-4.0.6-gif2tiff_removal.patch
,
Mar 21 2017
BTW, PDFium has a copy of libtiff and we are still carrying some patches against our copy of 4.0.7: https://pdfium-review.googlesource.com/3117
,
Mar 21 2017
Do you want to open a separate bug for that Lei? Or do you want to track it here?
,
Mar 21 2017
you're saying there's security fixes for 4.0.7 above what upstream has released ? or they're hardening changes we've done on the pdfium side beyond upstream ?
,
Mar 21 2017
Can you open a new bug? We haven't been the best about upstreaming fixes. Most of the patches carried in PDFium's libtiff are for memory leaks. The security bugs are 0006 for bug 618267 and 0017 for bug 681300.
,
Mar 21 2017
Filed issue 703757
,
Mar 21 2017
Issue 688312 has been merged into this issue.
,
Mar 21 2017
Issue 688313 has been merged into this issue.
,
Jun 23 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 26 2017
,
Aug 1 2017
,
Jan 22 2018
,
Jun 21 2018
Comment 1 by palmer@chromium.org, Feb 8 2017
Components: Internals>Plugins>PDF
Labels: -Pri-2 Security_Severity-Medium M-57 Security_Impact-Stable Pri-1
Owner: jorgelo@chromium.org
Status: Assigned (was: Untriaged)