diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2016-08-10 15:11:18 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 23:22:03 +0100 |
commit | 7d403a2ecda3c923c95fbd558c55d677fce7fbc8 (patch) | |
tree | 9a50ad8082aa7fde109727c529dd1a33d6fe4e2b /meta/recipes-multimedia/libtiff | |
parent | 75e6b3b57b443b2dc39df5f19aafe4176c54e679 (diff) | |
download | poky-7d403a2ecda3c923c95fbd558c55d677fce7fbc8.tar.gz |
tiff: Security fix CVE-2016-3186
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503
Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
(From OE-Core rev: b4471e7264538b3577808fae5e78f42c0d31e195)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 3d818fc862b1d85252443fefa2222262542a10ae)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libtiff')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch | 24 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.0.4.bb | 1 |
2 files changed, 25 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch new file mode 100644 index 0000000000..4a08aba211 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch | |||
@@ -0,0 +1,24 @@ | |||
1 | Buffer overflow in the readextension function in gif2tiff.c | ||
2 | allows remote attackers to cause a denial of service via a crafted GIF file. | ||
3 | |||
4 | External References: | ||
5 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 | ||
6 | https://bugzilla.redhat.com/show_bug.cgi?id=1319503 | ||
7 | |||
8 | CVE: CVE-2016-3186 | ||
9 | Upstream-Status: Backport (RedHat) | ||
10 | https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff | ||
11 | |||
12 | Signed-off-by: Yi Zhao <yi.zhao@windirver.com> | ||
13 | |||
14 | --- tiff-4.0.6/tools/gif2tiff.c 2016-04-06 15:43:01.586048341 +0200 | ||
15 | +++ tiff-4.0.6/tools/gif2tiff.c 2016-04-06 15:48:05.523207710 +0200 | ||
16 | @@ -349,7 +349,7 @@ | ||
17 | int status = 1; | ||
18 | |||
19 | (void) getc(infile); | ||
20 | - while ((count = getc(infile)) && count <= 255) | ||
21 | + while ((count = getc(infile)) && count >= 0 && count <= 255) | ||
22 | if (fread(buf, 1, count, infile) != (size_t) count) { | ||
23 | fprintf(stderr, "short read from file %s (%s)\n", | ||
24 | filename, strerror(errno)); | ||
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb index 69bcb2c930..c32eeb0ab5 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb | |||
@@ -8,6 +8,7 @@ SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \ | |||
8 | file://CVE-2015-8781.patch \ | 8 | file://CVE-2015-8781.patch \ |
9 | file://CVE-2015-8784.patch \ | 9 | file://CVE-2015-8784.patch \ |
10 | file://CVE-2015-8665_8683.patch \ | 10 | file://CVE-2015-8665_8683.patch \ |
11 | file://CVE-2016-3186.patch \ | ||
11 | " | 12 | " |
12 | 13 | ||
13 | SRC_URI[md5sum] = "9aee7107408a128c0c7b24286c0db900" | 14 | SRC_URI[md5sum] = "9aee7107408a128c0c7b24286c0db900" |