lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1E5bTI-0004kV-LP@mercury.mandriva.com>
Date: Wed, 17 Aug 2005 21:53:40 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:142 - Updated libtiff packages fixes vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           libtiff
 Advisory ID:            MDKSA-2005:142
 Date:                   August 17th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Wouter Hanegraaff discovered that the TIFF library did not sufficiently
 validate the "YCbCr subsampling" value in TIFF image headers. Decoding 
 a malicious image with a zero value resulted in an arithmetic exception, 
 which can cause a program that uses the TIFF library to crash. 
 
 The updated packages are patched to protect against this vulnerability.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 cc0fa1b1b5fd12c4083cc9eb98a5458f  10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
 8fb0219e7d642d2fdc241d8927421d48  10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
 cbfd4d23c8ac8562c92e55a035d80a67  10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
 e74038d540e7d00a1b050f7b26cd56a9  10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
 f7d3fce17d5e63a28f9438a29e640aa4  10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a3b989bdce7af31d4886466ff1441526  amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
 97d58685556a85cb2ab884f7ebadb536  amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
 8b8ddac45016f59118a7779ff6d027c6  amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
 30c99b6bb385cd3dfc98d50c8a3c9196  amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
 f7d3fce17d5e63a28f9438a29e640aa4  amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

 Mandrakelinux 10.1:
 c76c200a605c1f0584782fb49518e29d  10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
 773afaac9d2ed45b124216a7b8059f55  10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
 bcc744f04a6a8b772fa3c63ad5e5bda3  10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
 c2f0a831fc371041221c54f288e99bb2  10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
 835e5009fabee9050f055d951a3d0f8a  10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d2cec129a11f6c1181c486eed8a024ab  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
 73321d2e2a109f6993c8e44879284139  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
 28f7ea7a0ee1954a64e0c9d1ca17f224  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
 f2c2b82c083d035f32e105437c00ef40  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
 835e5009fabee9050f055d951a3d0f8a  x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

 Mandrakelinux 10.2:
 ddfec22eb079ad3e3c3e181581a32515  10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
 85002ad26c89bd5f00f49aa7848914ed  10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
 1680f0094d4a1f4d7783a63536992342  10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
 ab5d56da0e46e583d7d5559b460c015b  10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
 60bd2c3885e06f49e97ed114ea22c260  10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 b19a75b4230c1a67febfbbd1d7e3bd0b  x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
 dd11b518706b082c138aa4a7a427235d  x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
 78da0140db6312a7813e21da700cc129  x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
 1a3d856456e521653f3f94b29b561b1d  x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
 60bd2c3885e06f49e97ed114ea22c260  x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 29096b79d63f19c6e6602b6fe8859bae  mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
 6983f0e032014df1ffeeb14306e5d410  mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm

 Corporate Server 2.1:
 e17fd0f6fdf37c67d7cc94223806b652  corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
 ae1dee85cddb636fa9126fd14e5c9384  corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
 659cc8d21c830f379ebf92d45fe92b0c  corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
 473e992205374da87b91cb8fdd9b6d65  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
 261d009314678a8e54d903234e53f2d5  corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b9a3c705853bfc458adbbe7b9b35292c  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
 ccb61469627ec442bbb1606e2c5493fe  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
 ed0414cff8b668737b401b3874295fb0  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
 2cb106b7e639a4adbf866fcf0bcb95a2  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
 261d009314678a8e54d903234e53f2d5  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

 Corporate 3.0:
 5d467dc33e472e58f78111bef860b052  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
 c6e92b32bb20db8d058299b3da175a55  corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
 e104fdfdfc2e3df51e459a5e56169c41  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
 e725905e66036c32093aaa4b478e5c6a  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
 6bd7338ff5198c5f9edd77b31ecf7190  corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3c87ea4b94f226decf5a8e751ec9ad17  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
 5b5663889c26d6c52de85dc300bcab18  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
 aa63bf920d4c74f6ce6cabc896846241  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
 022ac2f20e0c349d7dcce42e6cbe7a6c  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
 6bd7338ff5198c5f9edd77b31ecf7190  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDBAZEmqjQ0CJFipgRAmp9AJkBTO4Jn7u56BUqf/sIe1zuaQTBggCfdb/8
To/G8qtCJOu5vcXbCtCA68w=
=8pu+
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ