From: <security <at> mandriva.com>
Subject: [ MDVSA-2011:064 ] libtiff
Newsgroups: gmane.linux.mandrake.security.announce
Date: Monday 4th April 2011 15:49:01 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:064
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : April 4, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in libtiff:
 
 Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
 code or cause a denial of service (application crash) via a crafted
 TIFF image with JPEG encoding (CVE-2011-0191).
 
 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
 in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
 to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
 .tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 469f83f325486ac28efade864c4c04dd 
2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm
 60ed02c79ace2efc9d360c6a254484d8 
2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm
 9eec6c7a71319a0dbe42043e3ce0143c 
2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm
 c83359e62f148232dbf4716c3db1da27 
2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm 
 394324226f6347b8adde7d5a3b94e616 
2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 12d1c6b013d1001804dcff1607ba0cbf 
2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm
 7160228a5f9eb015f7c39b034e4168fe 
2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
 dd60de9c42e6e6db115866b0729d11a6 
2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
 019b6c2c67897e9e15b61c5bd5290d7c 
2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm 
 394324226f6347b8adde7d5a3b94e616 
2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 516da8a4ac19bd931ec94c948e2202b3 
2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm
 bb474b98be4cee2d5ce83b18a97e0b0a 
2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm
 91bbafe5b93099fa6bc91a4ae2c792c5 
2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm
 cfe592e3c30c76e9e814c828f4e9c850 
2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm 
 82734445474583997f82f61a6bca5477 
2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 89d02f64104cdeefcfff27251ac493e3 
2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm
 184361a7a031fd0040ef210289e659ad 
2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
 ea63a95bea50aa8c6173b7e018b52c16 
2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
 b683c3de7768e3be291f3cd0810f29f7 
2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm 
 82734445474583997f82f61a6bca5477 
2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 6cae776a3869cba91324d4db8c3e445b 
2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm
 9eb7c8e16bdccb2a08bbd51b842d6b8a 
2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm
 b22f03fcab8549799bd989a1ac5b9505 
2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm
 5207df22c3ce3a1dc5487e5a9f1386f5 
2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm 
 edc5ff22e092f6c0c761ea064beec57e 
2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 fead69647d8429a2e0f3bde99440a81e 
2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm
 f8eefcab2c69e31dc9e59b7c5fd1370a 
2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
 a14aa71d4721718fc2312f04b76163db 
2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
 cd214410be00ea40859776ac4f95f1da 
2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm 
 edc5ff22e092f6c0c761ea064beec57e 
2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

 Corporate 4.0:
 26f8d583111883193418679358070dac 
corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm
 6cc27c218fc154873d80b9f20d0026a0 
corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm
 d2cc27f255b5c06ac0270501742d075a 
corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm
 1dce21141558e525afac04376ee88b0e 
corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm 
 b71b082cfc6e374765bdcc433074876e 
corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 909321cebadb1a6a98363111aafaa51f 
corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm
 1e65799b8f71945b8577caa953f26f1a 
corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
 e0f3f375533db24c097249e2865d67c5 
corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
 45d3bf776d6b0bf18b6dd475719d5109 
corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm 
 b71b082cfc6e374765bdcc433074876e 
corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 0e74dc01232af741c73b5429222c104b 
mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm
 cf4880e23bca7320947faffb7493fe1c 
mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm
 35e2c51269229b05e8127d8ff7a70559 
mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm
 053e112ce08dee96024c78cf1cc62c68 
mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm 
 b11fe44b7f27853a08cb447713ba2b5d 
mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8b9eee08db52a402ff116c6f4f66e1cc 
mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm
 ae5a101036721b2f2cb852861dd9195a 
mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
 deb731157dd46e649eb01fb66bb9c4ca 
mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
 cf1e27dfce8783ba6dfa4d0d07949f8d 
mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm 
 b11fe44b7f27853a08cb447713ba2b5d 
mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNmbcVmqjQ0CJFipgRAhpFAKCtkISR0abadP0ESPSt/5N9ZMtkHQCggcfu
Vxz/7h+yOk4y1oCT/+u7P34=
=+u6N
-----END PGP SIGNATURE-----
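
For triage of the CVE-2011-1167 condition described in the advisory, the following added example (not part of the Mandriva advisory or of libtiff) walks a TIFF file's IFDs and reports any that select ThunderScan compression with a BitsPerSample other than 4. The tag numbers 258 and 259, the compression code 32809 and the expected value 4 come from the TIFF format and are assumptions not stated in the advisory; the function names and the sample bytes are constructed for illustration.

```python
import struct

BITSPERSAMPLE_TAG, COMPRESSION_TAG = 258, 259  # TIFF tag numbers
THUNDERSCAN = 32809  # Compression value for ThunderScan
EXPECTED_BPS = 4     # assumption: ThunderScan is defined for 4-bit samples

def _shorts(data, e, count, field_off):
    """Read `count` SHORT values; they sit inline when they fit in 4 bytes."""
    off = field_off if count <= 2 else struct.unpack_from(e + "I", data, field_off)[0]
    return list(struct.unpack_from(e + "%dH" % count, data, off))

def thunder_bps_mismatches(data):
    """Return [(ifd_index, bits_per_sample)] for every ThunderScan IFD whose
    BitsPerSample is not 4. Raises ValueError on non-TIFF or truncated input."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF file")
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd_off = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF file")
    findings, seen, index = [], set(), 0
    try:
        while ifd_off and ifd_off not in seen:  # guard against IFD loops
            seen.add(ifd_off)
            (n,) = struct.unpack_from(e + "H", data, ifd_off)
            compression, bps = 1, [1]           # TIFF defaults when a tag is absent
            for i in range(n):
                pos = ifd_off + 2 + 12 * i
                tag, typ, count = struct.unpack_from(e + "HHI", data, pos)
                if typ != 3 or count == 0 or count > 64:  # SHORT only, capped count
                    continue
                if tag == COMPRESSION_TAG:
                    compression = _shorts(data, e, 1, pos + 8)[0]
                elif tag == BITSPERSAMPLE_TAG:
                    bps = _shorts(data, e, count, pos + 8)
            if compression == THUNDERSCAN and any(b != EXPECTED_BPS for b in bps):
                findings.append((index, bps))
            (ifd_off,) = struct.unpack_from(e + "I", data, ifd_off + 2 + 12 * n)
            index += 1
    except struct.error:
        raise ValueError("truncated or malformed IFD") from None
    return findings

def sample_tiff(bps):
    """Constructed input: little-endian header plus one IFD, no image data."""
    entry = lambda tag, val: struct.pack("<HHIHH", tag, 3, 1, val, 0)
    return (struct.pack("<2sHI", b"II", 42, 8) + struct.pack("<H", 2)
            + entry(BITSPERSAMPLE_TAG, bps) + entry(COMPRESSION_TAG, THUNDERSCAN)
            + struct.pack("<I", 0))
```

A non-empty result only marks a file for closer inspection on hosts that still run an unpatched libtiff; installing the updated packages listed above is the fix.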
 