From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:142 - Updated libtiff packages fixes vulnerability
Message-Id: <E1E5bTI-0004kV-LP@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 17 Aug 2005 21:53:40 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: libtiff
Advisory ID: MDKSA-2005:142
Date: August 17th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.
The updated packages are patched to protect against this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
cc0fa1b1b5fd12c4083cc9eb98a5458f 10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
8fb0219e7d642d2fdc241d8927421d48 10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
cbfd4d23c8ac8562c92e55a035d80a67 10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
e74038d540e7d00a1b050f7b26cd56a9 10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
f7d3fce17d5e63a28f9438a29e640aa4 10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
a3b989bdce7af31d4886466ff1441526 amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
97d58685556a85cb2ab884f7ebadb536 amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
8b8ddac45016f59118a7779ff6d027c6 amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
30c99b6bb385cd3dfc98d50c8a3c9196 amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
f7d3fce17d5e63a28f9438a29e640aa4 amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.1:
c76c200a605c1f0584782fb49518e29d 10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
773afaac9d2ed45b124216a7b8059f55 10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
bcc744f04a6a8b772fa3c63ad5e5bda3 10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
c2f0a831fc371041221c54f288e99bb2 10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
835e5009fabee9050f055d951a3d0f8a 10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
d2cec129a11f6c1181c486eed8a024ab x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
73321d2e2a109f6993c8e44879284139 x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
28f7ea7a0ee1954a64e0c9d1ca17f224 x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
f2c2b82c083d035f32e105437c00ef40 x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
835e5009fabee9050f055d951a3d0f8a x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Mandrakelinux 10.2:
ddfec22eb079ad3e3c3e181581a32515 10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
85002ad26c89bd5f00f49aa7848914ed 10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
1680f0094d4a1f4d7783a63536992342 10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
ab5d56da0e46e583d7d5559b460c015b 10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
60bd2c3885e06f49e97ed114ea22c260 10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b19a75b4230c1a67febfbbd1d7e3bd0b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
dd11b518706b082c138aa4a7a427235d x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
78da0140db6312a7813e21da700cc129 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
1a3d856456e521653f3f94b29b561b1d x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
60bd2c3885e06f49e97ed114ea22c260 x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
Multi Network Firewall 2.0:
29096b79d63f19c6e6602b6fe8859bae mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
6983f0e032014df1ffeeb14306e5d410 mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm
Corporate Server 2.1:
e17fd0f6fdf37c67d7cc94223806b652 corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
ae1dee85cddb636fa9126fd14e5c9384 corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
659cc8d21c830f379ebf92d45fe92b0c corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
473e992205374da87b91cb8fdd9b6d65 corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
261d009314678a8e54d903234e53f2d5 corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b9a3c705853bfc458adbbe7b9b35292c x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
ccb61469627ec442bbb1606e2c5493fe x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
ed0414cff8b668737b401b3874295fb0 x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
2cb106b7e639a4adbf866fcf0bcb95a2 x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
261d009314678a8e54d903234e53f2d5 x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate 3.0:
5d467dc33e472e58f78111bef860b052 corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
c6e92b32bb20db8d058299b3da175a55 corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
e104fdfdfc2e3df51e459a5e56169c41 corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
e725905e66036c32093aaa4b478e5c6a corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
6bd7338ff5198c5f9edd77b31ecf7190 corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
3c87ea4b94f226decf5a8e751ec9ad17 x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
5b5663889c26d6c52de85dc300bcab18 x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
aa63bf920d4c74f6ce6cabc896846241 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
022ac2f20e0c349d7dcce42e6cbe7a6c x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
6bd7338ff5198c5f9edd77b31ecf7190 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDBAZEmqjQ0CJFipgRAmp9AJkBTO4Jn7u56BUqf/sIe1zuaQTBggCfdb/8
To/G8qtCJOu5vcXbCtCA68w=
=8pu+
-----END PGP SIGNATURE-----