<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:142 - Updated libtiff packages fixes vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           libtiff
 Advisory ID:            MDKSA-2005:142
 Date:                   August 17th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Wouter Hanegraaff discovered that the TIFF library did not sufficiently
 validate the "YCbCr subsampling" value in TIFF image headers. Decoding 
 a malicious image with a zero value resulted in an arithmetic exception, 
 which can cause a program that uses the TIFF library to crash. 
 
 The updated packages are patched to protect against this vulnerability.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 cc0fa1b1b5fd12c4083cc9eb98a5458f  
10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
 8fb0219e7d642d2fdc241d8927421d48  10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
 cbfd4d23c8ac8562c92e55a035d80a67  
10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
 e74038d540e7d00a1b050f7b26cd56a9  
10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
 f7d3fce17d5e63a28f9438a29e640aa4  10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a3b989bdce7af31d4886466ff1441526  
amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
 97d58685556a85cb2ab884f7ebadb536  
amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
 8b8ddac45016f59118a7779ff6d027c6  
amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
 30c99b6bb385cd3dfc98d50c8a3c9196  
amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
 f7d3fce17d5e63a28f9438a29e640aa4  
amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

 Mandrakelinux 10.1:
 c76c200a605c1f0584782fb49518e29d  
10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
 773afaac9d2ed45b124216a7b8059f55  10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
 bcc744f04a6a8b772fa3c63ad5e5bda3  
10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
 c2f0a831fc371041221c54f288e99bb2  
10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
 835e5009fabee9050f055d951a3d0f8a  10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d2cec129a11f6c1181c486eed8a024ab  
x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
 73321d2e2a109f6993c8e44879284139  
x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
 28f7ea7a0ee1954a64e0c9d1ca17f224  
x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
 f2c2b82c083d035f32e105437c00ef40  
x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
 835e5009fabee9050f055d951a3d0f8a  
x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

 Mandrakelinux 10.2:
 ddfec22eb079ad3e3c3e181581a32515  
10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
 85002ad26c89bd5f00f49aa7848914ed  10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
 1680f0094d4a1f4d7783a63536992342  
10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
 ab5d56da0e46e583d7d5559b460c015b  
10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
 60bd2c3885e06f49e97ed114ea22c260  10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 b19a75b4230c1a67febfbbd1d7e3bd0b  
x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
 dd11b518706b082c138aa4a7a427235d  
x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
 78da0140db6312a7813e21da700cc129  
x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
 1a3d856456e521653f3f94b29b561b1d  
x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
 60bd2c3885e06f49e97ed114ea22c260  
x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 29096b79d63f19c6e6602b6fe8859bae  
mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
 6983f0e032014df1ffeeb14306e5d410  
mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm

 Corporate Server 2.1:
 e17fd0f6fdf37c67d7cc94223806b652  
corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
 ae1dee85cddb636fa9126fd14e5c9384  
corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
 659cc8d21c830f379ebf92d45fe92b0c  
corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
 473e992205374da87b91cb8fdd9b6d65  
corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
 261d009314678a8e54d903234e53f2d5  
corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b9a3c705853bfc458adbbe7b9b35292c  
x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
 ccb61469627ec442bbb1606e2c5493fe  
x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
 ed0414cff8b668737b401b3874295fb0  
x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
 2cb106b7e639a4adbf866fcf0bcb95a2  
x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
 261d009314678a8e54d903234e53f2d5  
x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

 Corporate 3.0:
 5d467dc33e472e58f78111bef860b052  
corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
 c6e92b32bb20db8d058299b3da175a55  
corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
 e104fdfdfc2e3df51e459a5e56169c41  
corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
 e725905e66036c32093aaa4b478e5c6a  
corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
 6bd7338ff5198c5f9edd77b31ecf7190  
corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3c87ea4b94f226decf5a8e751ec9ad17  
x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
 5b5663889c26d6c52de85dc300bcab18  
x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
 aa63bf920d4c74f6ce6cabc896846241  
x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
 022ac2f20e0c349d7dcce42e6cbe7a6c  
x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
 6bd7338ff5198c5f9edd77b31ecf7190  
x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAZEmqjQ0CJFipgRAmp9AJkBTO4Jn7u56BUqf/sIe1zuaQTBggCfdb/8
To/G8qtCJOu5vcXbCtCA68w=
=8pu+
-----END PGP SIGNATURE-----