From edd740bda32715bfefbae76b67121793b5ae9772 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Mu=C5=BEila?= Date: Fri, 5 Jan 2024 16:11:17 +0100 Subject: [PATCH] Fix CVE-2023-6228 --- .libtiff.metadata | 1 + ...rge-branch-fix_606_tiffcp_check_also.patch | 30 +++++++++++++++++++ libtiff.spec | 7 ++++- 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 .libtiff.metadata create mode 100644 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch diff --git a/.libtiff.metadata b/.libtiff.metadata new file mode 100644 index 0000000..750bf9d --- /dev/null +++ b/.libtiff.metadata @@ -0,0 +1 @@ +e11d05db71d243a62800b4bf4479eb4859714405 tiff-4.4.0.tar.gz diff --git a/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch b/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch new file mode 100644 index 0000000..c0c1e93 --- /dev/null +++ b/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch @@ -0,0 +1,30 @@ +From b57347d203cf577a3abb02cb62aee84b82903fcf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Matej=20Mu=C5=BEila?= +Date: Thu, 23 Nov 2023 11:05:35 +0100 +Subject: [PATCH] (CVE-2023-6228) Merge branch + 'fix_606_tiffcp_check_also_input_compression_codec' into 'master' + +tiffcp: Fixes #606. Check also codec of input image, not only from output image. + +Closes #606 + +See merge request libtiff/libtiff!533 + +(cherry picked from commit 668d2c1a52fa48658bbf69615924b42b5a059f9e) +--- + tools/tiffcp.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index 07ed0ebc..9973dd4e 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -732,6 +732,8 @@ tiffcp(TIFF* in, TIFF* out) + if( !TIFFIsCODECConfigured(compression) ) + return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression); ++ if (!TIFFIsCODECConfigured(input_compression)) ++ return FALSE; + TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric); + if (input_compression == COMPRESSION_JPEG) { + /* Force conversion to RGB */ diff --git a/libtiff.spec b/libtiff.spec index c9ee2fc..92c8d64 100644 --- a/libtiff.spec +++ b/libtiff.spec @@ -1,7 +1,7 @@ Summary: Library of functions for manipulating TIFF format image files Name: libtiff Version: 4.4.0 -Release: 11%{?dist} +Release: 12%{?dist} License: libtiff URL: http://www.simplesystems.org/libtiff/ @@ -34,6 +34,7 @@ Patch0018: 0018-CVE-2023-3576-Fix-memory-leak-in-tiffcrop.c.patch Patch0019: 0019-CVE-2023-40090-Improved-IFD-Loop-Handling-fixes-455.patch Patch0020: 0020-CVE-2023-3618-tiffcrop-fix-553-by-considering-error-.patch Patch0021: 0021-CVE-2023-40745-CVE-2023-41175-raw2tiff-fix-integer-o.patch +Patch0022: 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch BuildRequires: gcc, gcc-c++ BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel @@ -186,6 +187,10 @@ find html -name 'Makefile*' | xargs rm %{_mandir}/man1/* %changelog +* Thu Nov 23 2023 Matej Mužila - 4.4.0-12 +- Fix CVE-2023-6228 +- Resolves: RHEL-10084 + * Wed Oct 04 2023 Matej Mužila - 4.4.0-11 - Fix CVE-2023-40090 CVE-2023-3618 CVE-2023-40745 CVE-2023-41175 - Resolves: RHEL-5458 RHEL-5455 RHEL-5405 RHEL-5450