MDKSA-2005:142 - Updated libtiff packages fixes vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: libtiff
Advisory ID: MDKSA-2005:142
Date: August 17th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.
The updated packages are patched to protect against this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
cc0fa1b1b5fd12c4083cc9eb98a5458f
10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
8fb0219e7d642d2fdc241d8927421d48 10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
cbfd4d23c8ac8562c92e55a035d80a67
10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
e74038d540e7d00a1b050f7b26cd56a9
10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
f7d3fce17d5e63a28f9438a29e640aa4 10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
a3b989bdce7af31d4886466ff1441526
amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
97d58685556a85cb2ab884f7ebadb536
amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
8b8ddac45016f59118a7779ff6d027c6
amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
30c99b6bb385cd3dfc98d50c8a3c9196
amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
f7d3fce17d5e63a28f9438a29e640aa4
amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.1:
c76c200a605c1f0584782fb49518e29d
10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
773afaac9d2ed45b124216a7b8059f55 10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
bcc744f04a6a8b772fa3c63ad5e5bda3
10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
c2f0a831fc371041221c54f288e99bb2
10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
835e5009fabee9050f055d951a3d0f8a 10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
d2cec129a11f6c1181c486eed8a024ab
x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
73321d2e2a109f6993c8e44879284139
x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
28f7ea7a0ee1954a64e0c9d1ca17f224
x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
f2c2b82c083d035f32e105437c00ef40
x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
835e5009fabee9050f055d951a3d0f8a
x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Mandrakelinux 10.2:
ddfec22eb079ad3e3c3e181581a32515
10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
85002ad26c89bd5f00f49aa7848914ed 10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
1680f0094d4a1f4d7783a63536992342
10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
ab5d56da0e46e583d7d5559b460c015b
10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
60bd2c3885e06f49e97ed114ea22c260 10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b19a75b4230c1a67febfbbd1d7e3bd0b
x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
dd11b518706b082c138aa4a7a427235d
x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
78da0140db6312a7813e21da700cc129
x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
1a3d856456e521653f3f94b29b561b1d
x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
60bd2c3885e06f49e97ed114ea22c260
x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
Multi Network Firewall 2.0:
29096b79d63f19c6e6602b6fe8859bae
mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
6983f0e032014df1ffeeb14306e5d410
mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm
Corporate Server 2.1:
e17fd0f6fdf37c67d7cc94223806b652
corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
ae1dee85cddb636fa9126fd14e5c9384
corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
659cc8d21c830f379ebf92d45fe92b0c
corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
473e992205374da87b91cb8fdd9b6d65
corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
261d009314678a8e54d903234e53f2d5
corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
b9a3c705853bfc458adbbe7b9b35292c
x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
ccb61469627ec442bbb1606e2c5493fe
x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
ed0414cff8b668737b401b3874295fb0
x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
2cb106b7e639a4adbf866fcf0bcb95a2
x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
261d009314678a8e54d903234e53f2d5
x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate 3.0:
5d467dc33e472e58f78111bef860b052
corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
c6e92b32bb20db8d058299b3da175a55
corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
e104fdfdfc2e3df51e459a5e56169c41
corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
e725905e66036c32093aaa4b478e5c6a
corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
6bd7338ff5198c5f9edd77b31ecf7190
corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
3c87ea4b94f226decf5a8e751ec9ad17
x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
5b5663889c26d6c52de85dc300bcab18
x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
aa63bf920d4c74f6ce6cabc896846241
x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
022ac2f20e0c349d7dcce42e6cbe7a6c
x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
6bd7338ff5198c5f9edd77b31ecf7190
x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDBAZEmqjQ0CJFipgRAmp9AJkBTO4Jn7u56BUqf/sIe1zuaQTBggCfdb/8
To/G8qtCJOu5vcXbCtCA68w=
=8pu+
-----END PGP SIGNATURE-----