Public bug reported:

This CVE patch is desperately needed to fix a build failure caused by a crash in the testsuite of the current libreoffice/kinetic SRU.

Testing load file:///<<PKGBUILDDIR>>//vcl/qa/cppunit/graphicfilter/data/tiff/fail/CVE-2017-9936-1.tiff:
*** stack smashing detected ***: terminated
Fatal exception: Signal 6
Stack:
/<<PKGBUILDDIR>>/instdir/program/libuno_sal.so.3(+0x417b2)[0x7fd45563a7b2]
/<<PKGBUILDDIR>>/instdir/program/libuno_sal.so.3(+0x4196a)[0x7fd45563a96a]
/lib/x86_64-linux-gnu/libc.so.6(+0x3bcf0)[0x7fd4550facf0]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x11b)[0x7fd45515126b]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x16)[0x7fd4550fac46]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd7)[0x7fd4550e17fc]
/lib/x86_64-linux-gnu/libc.so.6(+0x850be)[0x7fd4551440be]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x2a)[0x7fd4551ee66a]
/lib/x86_64-linux-gnu/libc.so.6(+0x12f636)[0x7fd4551ee636]
/lib/x86_64-linux-gnu/libtiff.so.5(+0x34386)[0x7fd44e8a3386]
/lib/x86_64-linux-gnu/libtiff.so.5(_TIFFReadEncodedStripAndAllocBuffer+0xcc)[0x7fd44e8bc1cc]
/lib/x86_64-linux-gnu/libtiff.so.5(+0x300e1)[0x7fd44e89f0e1]
/lib/x86_64-linux-gnu/libtiff.so.5(TIFFReadRGBAImageOriented+0x100)[0x7fd44e8a2c10]
/<<PKGBUILDDIR>>/instdir/program/libmergedlo.so(_Z23ImportTiffGraphicImportR8SvStreamR7Graphic+0x237)[0x7fd45367b357]
/<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/libtest_vcl_filters_test.so(+0x1be0d)[0x7fd44a1a1e0d]
/<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/../Library/libunotest.so(_ZN4test11FiltersTest13recursiveScanENS_12filterStatusERKN3rtl8OUStringES5_S5_14SfxFilterFlags20SotClipboardFormatIdjb+0x679)[0x7fd44a142479]
/<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/../Library/libunotest.so(_ZN4test11FiltersTest7testDirERKN3rtl8OUStringESt17basic_string_viewIDsSt11char_traitsIDsEES4_14SfxFilterFlags20SotClipboardFormatIdjb+0xd6)[0x7fd44a142fe6]
/<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/libtest_vcl_filters_test.so(+0x1bc7b)[0x7fd44a1a1c7b]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(+0x1e4e6)[0x7fd4556844e6]
/<<PKGBUILDDIR>>/workdir/LinkTarget/Library/unoexceptionprotector.so(+0x2835)[0x7fd4556ac835]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit16DefaultProtector7protectERKNS_7FunctorERKNS_16ProtectorContextE+0x34)[0x7fd455684434]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit14ProtectorChain7protectERKNS_7FunctorERKNS_16ProtectorContextE+0x3b0)[0x7fd45567ea50]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestResult7protectERKNS_7FunctorEPNS_4TestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x63)[0x7fd455685be3]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit8TestCase3runEPNS_10TestResultE+0x124)[0x7fd45568eb24]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite15doRunChildTestsEPNS_10TestResultE+0x9d)[0x7fd45568484d]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite3runEPNS_10TestResultE+0x3d)[0x7fd45568465d]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite15doRunChildTestsEPNS_10TestResultE+0x9d)[0x7fd45568484d]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite3runEPNS_10TestResultE+0x3d)[0x7fd45568465d]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestResult7runTestEPNS_4TestE+0x27)[0x7fd455685077]
/lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestRunner3runERNS_10TestResultERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x55)[0x7fd45568b6a5]
/<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x711c)[0x55d4d4a1411c]
/<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x7c07)[0x55d4d4a14c07]
/<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x537f)[0x55d4d4a1237f]
/lib/x86_64-linux-gnu/libc.so.6(+0x23510)[0x7fd4550e2510]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x89)[0x7fd4550e25c9]
/<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x53c5)[0x55d4d4a123c5]
Aborted (core dumped)
make[4]: *** [/<<PKGBUILDDIR>>/solenv/gbuild/CppunitTest.mk:121: /<<PKGBUILDDIR>>/workdir/CppunitTest/vcl_filters_test.test] Error 134

For the log of the failed amd64 kinetic archive build, see
https://launchpad.net/ubuntu/+source/libreoffice/1:7.4.3-0ubuntu0.22.10.1/+build/24883181

For the log of the successful amd64 kinetic PPA build with the updated tiff present, see
https://launchpad.net/~libreoffice/+archive/ubuntu/experimental/+build/24886085

Lunar already includes this fix with the last merge from Debian:
https://launchpad.net/ubuntu/+source/tiff/4.4.0-6ubuntu1

Presumably this fix is required for all supported stable releases.

** Affects: tiff (Ubuntu)
     Importance: Critical
         Status: New

** Affects: tiff (Ubuntu Bionic)
     Importance: Undecided
         Status: New

** Affects: tiff (Ubuntu Focal)
     Importance: Undecided
         Status: New

** Affects: tiff (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: tiff (Ubuntu Kinetic)
     Importance: Critical
         Status: New

** Patch added: "tiff_4.4.0-4ubuntu3.2.debdiff"
   https://bugs.launchpad.net/bugs/1998444/+attachment/5633646/+files/diff

** Also affects: tiff (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: tiff (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

** Also affects: tiff (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: tiff (Ubuntu Focal)
   Importance: Undecided
       Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3970

** Changed in: tiff (Ubuntu Kinetic)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1998444

Title:
  Backport security fix for CVE-2022-3970

Status in tiff package in Ubuntu:
  New
Status in tiff source package in Bionic:
  New
Status in tiff source package in Focal:
  New
Status in tiff source package in Jammy:
  New
Status in tiff source package in Kinetic:
  New