Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:150 ] libtiff

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1247517931-13155-248

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:150

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : libtiff

Date : July 13, 2009

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

Multiple vulnerabilities has been found and corrected in libtiff:

 

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2

allows context-dependent attackers to cause a denial of service (crash)

via a crafted TIFF image, a different vulnerability than CVE-2008-2327

(CVE-2009-2285).

 

Fix several places in tiff2rgba and rgb2ycbcr that were being careless

about possible integer overflow in calculation of buffer sizes

(CVE-2009-2347).

 

This update provides fixes for these vulnerabilities.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

7c56d843d17efce1717654ceb4efe3e1 2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm

9d02ed754eafe7a33b2fb4b5a8e7b1d1 2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm

619b12e1013c645db1aca659b1ea6805 2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm

5d94641411d637493e7e413045fa82a9 2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm

73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

52e0eb4a0230bbdb245b787ba53c0903 2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm

147525496bca6fcee3a741f2350e8441 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm

c4ed6f9405dcb64edfebba00272f7596 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm

0844ecf1e6941fbde9fc358e34a3136e 2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm

73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

75efa7472bffceaecb10016c22621de7 2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm

aa82f5e49bb942688cbc85d55318b290 2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm

0a93799b79a70ab2a900d12030907e78 2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm

efe9ac463f0b551859c8349c8c63e288 2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm

52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

89138d743bbf89abf1f0f879bc2ed829 2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm

f5f55f26af4641878dc3a057a764f83a 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm

5a99217d3a034504b4fc4d120764d793 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm

5abd09147419ec5b4008306a424c22d8 2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm

52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

0a1eace7d782a42df040267874fed9f1 2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm

7dd6bd104131b115130e6feeba9d4766 2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm

32658d8a98def2e32a757bfb6ea64d28 2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm

53d18d66fc849a6128e5961d95892e7c 2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm

27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

26516d312785c5f9e2a5f37e1651ffbb 2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm

91e72dcc4d1866b7978dfcd493393d2e 2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm

9a4d6177df03395106d00e7f8a009e2b 2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm

b0cffa6ebb21e850847089cad50f1e7a 2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm

27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

 

Corporate 3.0:

5e5facf365d83f647ba3b1c0afecb8c8 corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm

288ab11a153d4df48c4fadadfab0b653 corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm

0fa52891fc9cafff6d4b6de9d8a23262 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm

c4ba5b9ab1caf7cff8addc84d778f4d4 corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm

72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

092479cb8de7b269197d06595b68f71c corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm

ea7f46c3e639d24f40449b599f5b2382 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm

b414cd225488b9a68bbfc611fc72924f corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm

9f008c60f557b086915e65e78a56ecfd corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm

72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

 

Corporate 4.0:

25cd088ef8715634db5dedd68611125e corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm

e0df8bc6f18fa4e8585734a1541e6849 corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm

b44feabddefea2f192782b6ae313045c corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm

8beb0af53dd07fb685c61a507dda9a00 corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm

b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

36e6479eacb594dfbb34deff16b99ba5 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm

0c37e2b3981cb44f25734ad4903aad11 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm

08a1408d4aef9a858900c2e7444d2b66 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm

ff20e3e86ddb53df420bb3ce78f894ac corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm

b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

 

Multi Network Firewall 2.0:

134c05da89014e53836b7e6a230a766d mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm

81c805e63e9c9c98e135c9b7a6cc1925 mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm

9aa2e598ce292505a2ef2f3718401e05 mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm

cefb377ab47ead9e47594e9b9e78b676 mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm

b34af1bd2ec1986ff9dc65efe5d87c43 mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKW3ZnmqjQ0CJFipgRAnkvAJ98BXT7+cg9tL9H8hucbF5UmcpcPQCgko2O

HW+jXwDDqrNF1u8bY2AmHLA=

=vJdX

-----END PGP SIGNATURE-----

 

 

------------=_1247517931-13155-248

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1247517931-13155-248--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×