To: [email protected]Subject: [ MDVSA-2009:150 ] libtiff
Date: Mon, 13 Jul 2009 22:42:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MQSLZ-0005ON-R6@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:150
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : July 13, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in libtiff:
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).
Fix several places in tiff2rgba and rgb2ycbcr that were being careless
about possible integer overflow in calculation of buffer sizes
(CVE-2009-2347).
This update provides fixes for these vulnerabilities.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
7c56d843d17efce1717654ceb4efe3e1 2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm
9d02ed754eafe7a33b2fb4b5a8e7b1d1 2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm
619b12e1013c645db1aca659b1ea6805 2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm
5d94641411d637493e7e413045fa82a9 2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm
73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
52e0eb4a0230bbdb245b787ba53c0903 2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm
147525496bca6fcee3a741f2350e8441 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
c4ed6f9405dcb64edfebba00272f7596 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
0844ecf1e6941fbde9fc358e34a3136e 2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm
73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
75efa7472bffceaecb10016c22621de7 2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm
aa82f5e49bb942688cbc85d55318b290 2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm
0a93799b79a70ab2a900d12030907e78 2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm
efe9ac463f0b551859c8349c8c63e288 2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm
52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
89138d743bbf89abf1f0f879bc2ed829 2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm
f5f55f26af4641878dc3a057a764f83a 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
5a99217d3a034504b4fc4d120764d793 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
5abd09147419ec5b4008306a424c22d8 2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm
52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
0a1eace7d782a42df040267874fed9f1 2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm
7dd6bd104131b115130e6feeba9d4766 2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm
32658d8a98def2e32a757bfb6ea64d28 2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm
53d18d66fc849a6128e5961d95892e7c 2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm
27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
26516d312785c5f9e2a5f37e1651ffbb 2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm
91e72dcc4d1866b7978dfcd493393d2e 2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
9a4d6177df03395106d00e7f8a009e2b 2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
b0cffa6ebb21e850847089cad50f1e7a 2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm
27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm
Corporate 3.0:
5e5facf365d83f647ba3b1c0afecb8c8 corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
288ab11a153d4df48c4fadadfab0b653 corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
0fa52891fc9cafff6d4b6de9d8a23262 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
c4ba5b9ab1caf7cff8addc84d778f4d4 corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm
72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
Corporate 3.0/X86_64:
092479cb8de7b269197d06595b68f71c corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm
ea7f46c3e639d24f40449b599f5b2382 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm
b414cd225488b9a68bbfc611fc72924f corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm
9f008c60f557b086915e65e78a56ecfd corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm
72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
Corporate 4.0:
25cd088ef8715634db5dedd68611125e corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm
e0df8bc6f18fa4e8585734a1541e6849 corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm
b44feabddefea2f192782b6ae313045c corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm
8beb0af53dd07fb685c61a507dda9a00 corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm
b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
36e6479eacb594dfbb34deff16b99ba5 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm
0c37e2b3981cb44f25734ad4903aad11 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
08a1408d4aef9a858900c2e7444d2b66 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
ff20e3e86ddb53df420bb3ce78f894ac corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm
b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
134c05da89014e53836b7e6a230a766d mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
81c805e63e9c9c98e135c9b7a6cc1925 mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
9aa2e598ce292505a2ef2f3718401e05 mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
cefb377ab47ead9e47594e9b9e78b676 mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm
b34af1bd2ec1986ff9dc65efe5d87c43 mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKW3ZnmqjQ0CJFipgRAnkvAJ98BXT7+cg9tL9H8hucbF5UmcpcPQCgko2O
HW+jXwDDqrNF1u8bY2AmHLA=
=vJdX
-----END PGP SIGNATURE-----