lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 08 Aug 2012 14:58:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2012:127 ] libtiff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:127
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : August 8, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found and corrected in libtiff:
 
 A heap-based buffer overflow flaw was found in the way tiff2pdf, a
 TIFF image to a PDF document conversion tool, of libtiff, a library
 of functions for manipulating TIFF (Tagged Image File Format) image
 format files, performed write of TIFF image content into particular PDF
 document file, when not properly initialized T2P context struct pointer
 has been provided by tiff2pdf (application requesting the conversion)
 as one of parameters for the routine performing the write. A remote
 attacker could provide a specially-crafted TIFF image format file,
 that when processed by tiff2pdf would lead to tiff2pdf executable
 crash or, potentially, arbitrary code execution with the privileges
 of the user running the tiff2pdf binary (CVE-2012-3401).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 415c8a711e94429c4187a4620f9d3eec  2011/i586/libtiff3-3.9.5-1.3-mdv2011.0.i586.rpm
 b99c8d1bfa16a1158a3e03692ba56335  2011/i586/libtiff-devel-3.9.5-1.3-mdv2011.0.i586.rpm
 a96608f5fae7aa711d1b64cbc76ca752  2011/i586/libtiff-progs-3.9.5-1.3-mdv2011.0.i586.rpm
 11a1fb628ef761d33294aef1eff34565  2011/i586/libtiff-static-devel-3.9.5-1.3-mdv2011.0.i586.rpm 
 9a9505df7408b0c75192ac502fd18504  2011/SRPMS/libtiff-3.9.5-1.3.src.rpm

 Mandriva Linux 2011/X86_64:
 c18a5d5069de99d93b3411998e6960d0  2011/x86_64/lib64tiff3-3.9.5-1.3-mdv2011.0.x86_64.rpm
 e326395e5ddf305ac322d1c57f436cd4  2011/x86_64/lib64tiff-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm
 c8de4431798dcbd235c82e8764d348ad  2011/x86_64/lib64tiff-static-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm
 ba66bfb07baed4c0848a64c2b7d94183  2011/x86_64/libtiff-progs-3.9.5-1.3-mdv2011.0.x86_64.rpm 
 9a9505df7408b0c75192ac502fd18504  2011/SRPMS/libtiff-3.9.5-1.3.src.rpm

 Mandriva Enterprise Server 5:
 3e94f2cd1306ce817f03b9e0d383d87a  mes5/i586/libtiff3-3.8.2-12.8mdvmes5.2.i586.rpm
 c08735b0c0f665235f422b05b59aaaae  mes5/i586/libtiff3-devel-3.8.2-12.8mdvmes5.2.i586.rpm
 fad7566f026aefd3fbae97f48e02aa91  mes5/i586/libtiff3-static-devel-3.8.2-12.8mdvmes5.2.i586.rpm
 1b5263306ed5890541f2ebcd5374aad9  mes5/i586/libtiff-progs-3.8.2-12.8mdvmes5.2.i586.rpm 
 4c0ee36afa646eaeaae78bdf425c399d  mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 09c6eddf7c45e53fe672c40fdefc7f6f  mes5/x86_64/lib64tiff3-3.8.2-12.8mdvmes5.2.x86_64.rpm
 7cde1e5ae217118a09ab14b898e59563  mes5/x86_64/lib64tiff3-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm
 af9cb316c7a9a130267d089c1cfd64a5  mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm
 2a716b33ff39a3518f57a4757c6c585c  mes5/x86_64/libtiff-progs-3.8.2-12.8mdvmes5.2.x86_64.rpm 
 4c0ee36afa646eaeaae78bdf425c399d  mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQIjWKmqjQ0CJFipgRAu9aAKCFPFCguG+r8YzSC6NoNbuJqDHbowCfSCaK
zRjfu/1Oe46lSLkAwaBsCqM=
=3KUE
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ