
[Full-disclosure] [ MDVSA-2011:064 ] libtiff



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:064
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : April 4, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in libtiff:
 
 Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
 code or cause a denial of service (application crash) via a crafted
 TIFF image with JPEG encoding (CVE-2011-0191).
 
 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
 in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
 to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
 .tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNmbcVmqjQ0CJFipgRAhpFAKCtkISR0abadP0ESPSt/5N9ZMtkHQCggcfu
Vxz/7h+yOk4y1oCT/+u7P34=
=+u6N
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
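
Added example, not part of the advisory and not libtiff's own code: a bounds-checked pre-screen for the CVE-2011-1167 condition described above. It rejects any IFD that declares ThunderScan compression (tag value 32809) with a BitsPerSample other than 4. The function names, return codes, 64-IFD hop limit and sample bytes are constructed for illustration, and the 4-bit expectation for ThunderScan data is an assumption taken from the TIFF format rather than from this advisory.

```c
#include <stddef.h>
#include <stdint.h>
enum { TAG_BITSPERSAMPLE = 258, TAG_COMPRESSION = 259, COMPRESSION_THUNDERSCAN = 32809 };
enum { SCREEN_OK = 0, SCREEN_REJECT = 1, SCREEN_MALFORMED = -1 };

/* Constructed sample: little-endian TIFF header followed by a single two-entry IFD. */
static const uint8_t SAMPLE_BAD[38] = { 'I','I',42,0, 8,0,0,0,  2,0,
    0x02,0x01, 3,0, 1,0,0,0, 2,0,0,0,         /* BitsPerSample, SHORT, count 1, value 2 */
    0x03,0x01, 3,0, 1,0,0,0, 0x29,0x80,0,0,   /* Compression, SHORT, count 1, 32809 */
    0,0,0,0 };                                /* next-IFD offset 0 */

/* Read an n-byte unsigned integer in the file's byte order. */
static uint32_t rd(const uint8_t *p, uint32_t n, int le) {
    uint32_t v = 0;
    for (uint32_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (le ? i : n - 1 - i));
    return v;
}

/* First element of SHORT/LONG entry e (a simplification); 0 if unsupported or out of bounds. */
static int entry_value(const uint8_t *buf, size_t len, const uint8_t *e, int le, uint32_t *out) {
    uint32_t type = rd(e + 2, 2, le), count = rd(e + 4, 4, le);
    uint32_t size = type == 3 ? 2 : type == 4 ? 4 : 0;
    if (size == 0 || count == 0) return 0;
    /* Values that fit in 4 bytes sit inline in the entry; otherwise the field is an offset. */
    size_t off = count > 4 / size ? rd(e + 8, 4, le) : (size_t)(e + 8 - buf);
    if (off > len || len - off < size) return 0;
    *out = rd(buf + off, size, le);
    return 1;
}

/* Walk every IFD with bounds checks; reject ThunderScan data not declared as 4-bit. */
int screen_tiff(const uint8_t *buf, size_t len) {
    if (len < 8) return SCREEN_MALFORMED;
    int le = buf[0] == 'I' && buf[1] == 'I', be = buf[0] == 'M' && buf[1] == 'M';
    if ((!le && !be) || rd(buf + 2, 2, le) != 42) return SCREEN_MALFORMED;
    uint32_t ifd = rd(buf + 4, 4, le);
    for (int hops = 0; ifd != 0; hops++) {     /* hop limit stops circular IFD chains */
        if (hops == 64 || ifd > len || len - ifd < 2) return SCREEN_MALFORMED;
        uint32_t n = rd(buf + ifd, 2, le), comp = 1, bps = 1, val; /* TIFF 6.0 defaults */
        if (len - ifd - 2 < (size_t)n * 12 + 4) return SCREEN_MALFORMED;
        for (uint32_t i = 0; i < n; i++) {
            const uint8_t *e = buf + ifd + 2 + 12 * i;
            uint32_t tag = rd(e, 2, le);
            if (tag != TAG_BITSPERSAMPLE && tag != TAG_COMPRESSION) continue;
            if (!entry_value(buf, len, e, le, &val)) return SCREEN_MALFORMED;
            if (tag == TAG_COMPRESSION) comp = val; else bps = val;
        }
        if (comp == COMPRESSION_THUNDERSCAN && bps != 4) return SCREEN_REJECT;
        ifd = rd(buf + ifd + 2 + 12 * n, 4, le);
    }
    return SCREEN_OK;
}
```

A screen like this complements the patched packages at an upload or mail gateway; it does not replace installing them.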