The fix for CVE-2022-3970 has been released in the following versions:

Ubuntu 22.10: 4.4.0-4ubuntu3.2

Ubuntu 22.04 LTS: 4.3.0-6ubuntu0.3

Ubuntu 20.04 LTS: 4.1.0+git191117-2ubuntu0.20.04.7

Ubuntu 18.04 LTS: 4.0.9-5ubuntu0.9


** Changed in: tiff (Ubuntu)
       Status: In Progress => Fix Released

** Changed in: tiff (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: tiff (Ubuntu Focal)
       Status: New => Fix Released

** Changed in: tiff (Ubuntu Jammy)
       Status: New => Fix Released

** Changed in: tiff (Ubuntu Kinetic)
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1998444

Title:
  Backport security fix for CVE-2022-3970

Status in tiff package in Ubuntu:
  Fix Released
Status in tiff source package in Bionic:
  Fix Released
Status in tiff source package in Focal:
  Fix Released
Status in tiff source package in Jammy:
  Fix Released
Status in tiff source package in Kinetic:
  Fix Released

Bug description:
  This CVE patch is desperately needed to fix a build failure caused by
  a crash in the testsuite of the current libreoffice/kinetic SRU.

  Testing load file:///<<PKGBUILDDIR>>//vcl/qa/cppunit/graphicfilter/data/tiff/fail/CVE-2017-9936-1.tiff:
  *** stack smashing detected ***: terminated

  Fatal exception: Signal 6
  Stack:
  /<<PKGBUILDDIR>>/instdir/program/libuno_sal.so.3(+0x417b2)[0x7fd45563a7b2]
  /<<PKGBUILDDIR>>/instdir/program/libuno_sal.so.3(+0x4196a)[0x7fd45563a96a]
  /lib/x86_64-linux-gnu/libc.so.6(+0x3bcf0)[0x7fd4550facf0]
  /lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x11b)[0x7fd45515126b]
  /lib/x86_64-linux-gnu/libc.so.6(gsignal+0x16)[0x7fd4550fac46]
  /lib/x86_64-linux-gnu/libc.so.6(abort+0xd7)[0x7fd4550e17fc]
  /lib/x86_64-linux-gnu/libc.so.6(+0x850be)[0x7fd4551440be]
  /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x2a)[0x7fd4551ee66a]
  /lib/x86_64-linux-gnu/libc.so.6(+0x12f636)[0x7fd4551ee636]
  /lib/x86_64-linux-gnu/libtiff.so.5(+0x34386)[0x7fd44e8a3386]
  /lib/x86_64-linux-gnu/libtiff.so.5(_TIFFReadEncodedStripAndAllocBuffer+0xcc)[0x7fd44e8bc1cc]
  /lib/x86_64-linux-gnu/libtiff.so.5(+0x300e1)[0x7fd44e89f0e1]
  /lib/x86_64-linux-gnu/libtiff.so.5(TIFFReadRGBAImageOriented+0x100)[0x7fd44e8a2c10]
  /<<PKGBUILDDIR>>/instdir/program/libmergedlo.so(_Z23ImportTiffGraphicImportR8SvStreamR7Graphic+0x237)[0x7fd45367b357]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/libtest_vcl_filters_test.so(+0x1be0d)[0x7fd44a1a1e0d]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/../Library/libunotest.so(_ZN4test11FiltersTest13recursiveScanENS_12filterStatusERKN3rtl8OUStringES5_S5_14SfxFilterFlags20SotClipboardFormatIdjb+0x679)[0x7fd44a142479]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/../Library/libunotest.so(_ZN4test11FiltersTest7testDirERKN3rtl8OUStringESt17basic_string_viewIDsSt11char_traitsIDsEES4_14SfxFilterFlags20SotClipboardFormatIdjb+0xd6)[0x7fd44a142fe6]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/CppunitTest/libtest_vcl_filters_test.so(+0x1bc7b)[0x7fd44a1a1c7b]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(+0x1e4e6)[0x7fd4556844e6]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/Library/unoexceptionprotector.so(+0x2835)[0x7fd4556ac835]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit16DefaultProtector7protectERKNS_7FunctorERKNS_16ProtectorContextE+0x34)[0x7fd455684434]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit14ProtectorChain7protectERKNS_7FunctorERKNS_16ProtectorContextE+0x3b0)[0x7fd45567ea50]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestResult7protectERKNS_7FunctorEPNS_4TestERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x63)[0x7fd455685be3]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit8TestCase3runEPNS_10TestResultE+0x124)[0x7fd45568eb24]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite15doRunChildTestsEPNS_10TestResultE+0x9d)[0x7fd45568484d]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite3runEPNS_10TestResultE+0x3d)[0x7fd45568465d]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite15doRunChildTestsEPNS_10TestResultE+0x9d)[0x7fd45568484d]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit13TestComposite3runEPNS_10TestResultE+0x3d)[0x7fd45568465d]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestResult7runTestEPNS_4TestE+0x27)[0x7fd455685077]
  /lib/x86_64-linux-gnu/libcppunit-1.15.so.1(_ZN7CppUnit10TestRunner3runERNS_10TestResultERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE+0x55)[0x7fd45568b6a5]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x711c)[0x55d4d4a1411c]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x7c07)[0x55d4d4a14c07]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x537f)[0x55d4d4a1237f]
  /lib/x86_64-linux-gnu/libc.so.6(+0x23510)[0x7fd4550e2510]
  /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x89)[0x7fd4550e25c9]
  /<<PKGBUILDDIR>>/workdir/LinkTarget/Executable/cppunittester(+0x53c5)[0x55d4d4a123c5]
  Aborted (core dumped)
  make[4]: *** [/<<PKGBUILDDIR>>/solenv/gbuild/CppunitTest.mk:121: /<<PKGBUILDDIR>>/workdir/CppunitTest/vcl_filters_test.test] Error 134

  
  For the log of the failed amd64 kinetic archive build, see
  https://launchpad.net/ubuntu/+source/libreoffice/1:7.4.3-0ubuntu0.22.10.1/+build/24883181

  For the log of the successful amd64 kinetic PPA build with the updated tiff present, see
  https://launchpad.net/~libreoffice/+archive/ubuntu/experimental/+build/24886085


  Lunar already includes this fix with the last merge from Debian
  https://launchpad.net/ubuntu/+source/tiff/4.4.0-6ubuntu1

  Presumably this fix is required for all supported stable releases.
