[Security Announce] [ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability
Posted on: 02/17/2006 10:52 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:042
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libtiff
Date : February 17, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote
attackers to execute arbitrary code via a TIFF file with a malformed
BitsPerSample tag. Although some of the previous updates appear to
already catch this issue, this update adds some additional checks.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
9530bfcd8e569b46eba4dd512e0bfe5a 10.1/RPMS/libtiff3-3.6.1-4.5.101mdk.i586.rpm
483c2c0896b6cf200e7c51311b074a27 10.1/RPMS/libtiff3-devel-3.6.1-4.5.101mdk.i586.rpm
07cbbe83a27bd3a92c23bcff410f3e13 10.1/RPMS/libtiff3-static-devel-3.6.1-4.5.101mdk.i586.rpm
5bbdf0e8b3d5e9cc98a0c291d9629f1a 10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.i586.rpm
3a506f7863e4763bedfd59eace7fa35d 10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
654b54562e56514e58ef4399994828fa x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.5.101mdk.x86_64.rpm
343bbae6a7abe46b24a202a02821a07e x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.5.101mdk.x86_64.rpm
6d0de9e296c970d08a564083e21a2786 x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.5.101mdk.x86_64.rpm
7e0eccb8d37af9b708b388a6d4d75d54 x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.x86_64.rpm
3a506f7863e4763bedfd59eace7fa35d x86_64/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

Mandriva Linux 10.2:
c068584c7aa1ae89efb36ce0c5b14160 10.2/RPMS/libtiff3-3.6.1-11.2.102mdk.i586.rpm
6eb5cf9446d9a496e8aae64dc7492c2b 10.2/RPMS/libtiff3-devel-3.6.1-11.2.102mdk.i586.rpm
45f8f2c2150e0a61987f5cfd260e8b95 10.2/RPMS/libtiff3-static-devel-3.6.1-11.2.102mdk.i586.rpm
506c68775de8e38d241ffe9b3781157f 10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.i586.rpm
f7e150907d233e23ef76ea789b2d7c44 10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
d1bceb9a12fed4fbcd0649252a1ecd1b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.2.102mdk.x86_64.rpm
1a434979ec411035eae2374a65642f52 x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.2.102mdk.x86_64.rpm
9b1cf2d651f192e8791ee334c1992708 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.2.102mdk.x86_64.rpm
ca642fa17270dcd6a6ac7b09b00be8e3 x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.x86_64.rpm
f7e150907d233e23ef76ea789b2d7c44 x86_64/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

Mandriva Linux 2006.0:
a348fb50ca0b796b8de29c5a73d948cd 2006.0/RPMS/libtiff3-3.6.1-12.1.20060mdk.i586.rpm
c8b9e7ac743064143fa4e2ec33d7a0be 2006.0/RPMS/libtiff3-devel-3.6.1-12.1.20060mdk.i586.rpm
423e3c0e276dc3cbd2133f28c4455a01 2006.0/RPMS/libtiff3-static-devel-3.6.1-12.1.20060mdk.i586.rpm
a662c2a15e11ce1904f1c2b16e307b47 2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.i586.rpm
5b3c613b0cf4914f2ea7980bee0b1075 2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
412a93e90c8ca0033222fb4fa285c40c x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.1.20060mdk.x86_64.rpm
a616419d1dac42e6378568d506af3243 x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.1.20060mdk.x86_64.rpm
a2b13420b237f20594c99e67f41280b9 x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.1.20060mdk.x86_64.rpm
b123710dd7bac780cafa6b364d0c66c6 x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.x86_64.rpm
5b3c613b0cf4914f2ea7980bee0b1075 x86_64/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

Corporate Server 2.1:
65625cf6d2423e08cb55aa3072ea8bc0 corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.i586.rpm
c2885652d48ee7ab99eb9d8cbd1c9b96 corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.i586.rpm
46d494dc83316008bc9d42afe1d3cae1 corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.i586.rpm
8dbb15a50d95c1eb6ce10a196ded4a33 corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.i586.rpm
f59c7c98fbf88e7b9fdc4b8700b57c73 corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
f8a50f3bdd54476f4feddaf38766e327 x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.x86_64.rpm
6a27ba65a07c0bfd85d6af99c458b16e x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.x86_64.rpm
834b25ee89971b460f2d4e5b30a43d70 x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.x86_64.rpm
b4af9bc083105212ce679785a563f848 x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.x86_64.rpm
f59c7c98fbf88e7b9fdc4b8700b57c73 x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

Corporate 3.0:
3e938fac8a5ab8a63d00b09b9da396e4 corporate/3.0/RPMS/libtiff3-3.5.7-11.8.C30mdk.i586.rpm
b69459e20122fd6eb003c6b3b156a7c4 corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.8.C30mdk.i586.rpm
883ee31b2a0dda864356d834e79651fc corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.8.C30mdk.i586.rpm
86b6d48a497624f5adc80d8729e654a1 corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.i586.rpm
f834190347e2d9882bac86ac8ee6bb16 corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
3d3ee562fb7d7503c21fa54f163fe061 x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.8.C30mdk.x86_64.rpm
42b9a9ffd0e4895d434319d848f841bf x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.8.C30mdk.x86_64.rpm
3952bcda92d9825531f8cec3a038ea67 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.8.C30mdk.x86_64.rpm
074665c6eb7034690e3631e1d8daa8f3 x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.x86_64.rpm
f834190347e2d9882bac86ac8ee6bb16 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

Multi Network Firewall 2.0:
b63546d645da0f9c2ef4c70e7e0180c2 mnf/2.0/RPMS/libtiff3-3.5.7-11.8.M20mdk.i586.rpm
1871103683da18c6621fca20f600e2a9 mnf/2.0/SRPMS/libtiff-3.5.7-11.8.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD9hdSmqjQ0CJFipgRAjhIAKDw53VTb92zjEFsG2zoShRhngc6ewCfdZjl
JsCiG5atLjW6h+ZGC4txfMc=
=WYx8
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006042__updated_libtiff_packages_fix_vulnerability.html)