Fix CVE-2023-6228

Resolves: RHEL-10084
2024-01-05 16:11:17 +01:00 · 2024-01-05 16:11:17 +01:00 · f228067521
commit f228067521
parent 30fe86fba4
2 changed files with 36 additions and 1 deletions
--- a/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
+++ b/0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch
@ -0,0 +1,30 @@
+From b57347d203cf577a3abb02cb62aee84b82903fcf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
+Date: Thu, 23 Nov 2023 11:05:35 +0100
+Subject: [PATCH] (CVE-2023-6228) Merge branch
+ 'fix_606_tiffcp_check_also_input_compression_codec' into 'master'
+
+tiffcp: Fixes #606. Check also codec of input image, not only from output image.
+
+Closes #606
+
+See merge request libtiff/libtiff!533
+
+(cherry picked from commit 668d2c1a52fa48658bbf69615924b42b5a059f9e)
+---
+ tools/tiffcp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index 07ed0ebc..9973dd4e 100644
+--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
+@@ -732,6 +732,8 @@ tiffcp(TIFF* in, TIFF* out)
+ 	if( !TIFFIsCODECConfigured(compression) )
+ 		return FALSE;
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_COMPRESSION, &input_compression);
+	if (!TIFFIsCODECConfigured(input_compression))
+		return FALSE;
+ 	TIFFGetFieldDefaulted(in, TIFFTAG_PHOTOMETRIC, &input_photometric);
+ 	if (input_compression == COMPRESSION_JPEG) {
+ 		/* Force conversion to RGB */
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.4.0
-Release:       11%{?dist}
+Release:       12%{?dist}
 License:       libtiff
 URL:           http://www.simplesystems.org/libtiff/

@ -34,6 +34,7 @@ Patch0018: 0018-CVE-2023-3576-Fix-memory-leak-in-tiffcrop.c.patch
 Patch0019: 0019-CVE-2023-40090-Improved-IFD-Loop-Handling-fixes-455.patch
 Patch0020: 0020-CVE-2023-3618-tiffcrop-fix-553-by-considering-error-.patch
 Patch0021: 0021-CVE-2023-40745-CVE-2023-41175-raw2tiff-fix-integer-o.patch
+Patch0022: 0022-CVE-2023-6228-Merge-branch-fix_606_tiffcp_check_also.patch

 BuildRequires: gcc, gcc-c++
 BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel
@ -186,6 +187,10 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*

 %changelog
+* Thu Nov 23 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-12
+- Fix CVE-2023-6228
+- Resolves: RHEL-10084
+
 * Wed Oct 04 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-11
 - Fix CVE-2023-40090 CVE-2023-3618 CVE-2023-40745 CVE-2023-41175
 - Resolves: RHEL-5458 RHEL-5455 RHEL-5405 RHEL-5450