[Full-disclosure] [ MDVSA-2011:064 ] libtiff
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2011:064 ] libtiff
- From: security@xxxxxxxxxxxx
- Date: Mon, 04 Apr 2011 17:49:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:064
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : April 4, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Multiple vulnerabilities were discovered and corrected in libtiff:

Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNmbcVmqjQ0CJFipgRAhpFAKCtkISR0abadP0ESPSt/5N9ZMtkHQCggcfu
Vxz/7h+yOk4y1oCT/+u7P34=
=+u6N
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
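
Added example, not part of the Mandriva advisory or of libtiff: a pre-decode screen for the CVE-2011-1167 condition described above, flagging any IFD that declares ThunderScan compression (Compression tag 259 = 32809) with a BitsPerSample (tag 258) other than 4, the depth ThunderScan data uses. The function names and the make_tiff sample are constructed for illustration, and only classic (non-BigTIFF) files are handled.

```python
import struct

TAG_BITS_PER_SAMPLE, TAG_COMPRESSION = 258, 259   # TIFF 6.0 tag numbers
COMPRESSION_THUNDERSCAN = 32809
THUNDER_BITS = 4                                  # ThunderScan data is 4 bits per sample

def iter_ifds(data):
    """Yield {tag: value} per IFD of a classic TIFF; value is None unless one inline SHORT/LONG."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF file")
    e = "<" if data[:2] == b"II" else ">"         # byte order from the header
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF")
    seen = set()
    while ifd:
        if ifd in seen or ifd + 2 > len(data):
            raise ValueError("looping or out-of-range IFD offset")
        seen.add(ifd)
        (count,) = struct.unpack_from(e + "H", data, ifd)
        end = ifd + 2 + 12 * count
        if end + 4 > len(data):
            raise ValueError("truncated IFD")
        tags = {}
        for off in range(ifd + 2, end, 12):
            tag, typ, n = struct.unpack_from(e + "HHI", data, off)
            fmt = {3: "H", 4: "I"}.get(typ)       # SHORT, LONG
            tags[tag] = struct.unpack_from(e + fmt, data, off + 8)[0] if fmt and n == 1 else None
        yield tags
        (ifd,) = struct.unpack_from(e + "I", data, end)   # offset of next IFD, 0 ends the chain

def thunder_depth_mismatches(data):
    """Return (ifd_index, bits) for ThunderScan IFDs whose BitsPerSample is not 4."""
    hits = []
    for i, tags in enumerate(iter_ifds(data)):
        bits = tags.get(TAG_BITS_PER_SAMPLE, 1)   # TIFF default when the tag is absent
        if tags.get(TAG_COMPRESSION) == COMPRESSION_THUNDERSCAN and bits != THUNDER_BITS:
            hits.append((i, bits))
    return hits

def make_tiff(bits, compression=COMPRESSION_THUNDERSCAN):
    """Constructed sample: little-endian header plus one two-entry IFD, no image data."""
    ifd = struct.pack("<H", 2)
    ifd += struct.pack("<HHIHH", TAG_BITS_PER_SAMPLE, 3, 1, bits, 0)
    ifd += struct.pack("<HHIHH", TAG_COMPRESSION, 3, 1, compression, 0)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + struct.pack("<I", 0)

if __name__ == "__main__":
    print(thunder_depth_mismatches(make_tiff(8)))   # constructed sample input
```

A file flagged here is better rejected or quarantined before it reaches an unpatched libtiff; the screen does not replace installing the updated packages.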