lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1FADFk-00040U-As@mercury.mandriva.com>
Date: Fri, 17 Feb 2006 14:35:00 -0700
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:042 ] - Updated libtiff packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:042
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtiff
 Date    : February 17, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in libTIFF before 3.7.2 allows remote
 attackers to execute arbitrary code via a TIFF file with a malformed
 BitsPerSample tag.  Although some of the previous updates appear to
 already catch this issue, this update adds some additional checks.
  
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 9530bfcd8e569b46eba4dd512e0bfe5a  10.1/RPMS/libtiff3-3.6.1-4.5.101mdk.i586.rpm
 483c2c0896b6cf200e7c51311b074a27  10.1/RPMS/libtiff3-devel-3.6.1-4.5.101mdk.i586.rpm
 07cbbe83a27bd3a92c23bcff410f3e13  10.1/RPMS/libtiff3-static-devel-3.6.1-4.5.101mdk.i586.rpm
 5bbdf0e8b3d5e9cc98a0c291d9629f1a  10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.i586.rpm
 3a506f7863e4763bedfd59eace7fa35d  10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 654b54562e56514e58ef4399994828fa  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.5.101mdk.x86_64.rpm
 343bbae6a7abe46b24a202a02821a07e  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.5.101mdk.x86_64.rpm
 6d0de9e296c970d08a564083e21a2786  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.5.101mdk.x86_64.rpm
 7e0eccb8d37af9b708b388a6d4d75d54  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.x86_64.rpm
 3a506f7863e4763bedfd59eace7fa35d  x86_64/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

 Mandriva Linux 10.2:
 c068584c7aa1ae89efb36ce0c5b14160  10.2/RPMS/libtiff3-3.6.1-11.2.102mdk.i586.rpm
 6eb5cf9446d9a496e8aae64dc7492c2b  10.2/RPMS/libtiff3-devel-3.6.1-11.2.102mdk.i586.rpm
 45f8f2c2150e0a61987f5cfd260e8b95  10.2/RPMS/libtiff3-static-devel-3.6.1-11.2.102mdk.i586.rpm
 506c68775de8e38d241ffe9b3781157f  10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.i586.rpm
 f7e150907d233e23ef76ea789b2d7c44  10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 d1bceb9a12fed4fbcd0649252a1ecd1b  x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.2.102mdk.x86_64.rpm
 1a434979ec411035eae2374a65642f52  x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.2.102mdk.x86_64.rpm
 9b1cf2d651f192e8791ee334c1992708  x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.2.102mdk.x86_64.rpm
 ca642fa17270dcd6a6ac7b09b00be8e3  x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.x86_64.rpm
 f7e150907d233e23ef76ea789b2d7c44  x86_64/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 a348fb50ca0b796b8de29c5a73d948cd  2006.0/RPMS/libtiff3-3.6.1-12.1.20060mdk.i586.rpm
 c8b9e7ac743064143fa4e2ec33d7a0be  2006.0/RPMS/libtiff3-devel-3.6.1-12.1.20060mdk.i586.rpm
 423e3c0e276dc3cbd2133f28c4455a01  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.1.20060mdk.i586.rpm
 a662c2a15e11ce1904f1c2b16e307b47  2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.i586.rpm
 5b3c613b0cf4914f2ea7980bee0b1075  2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 412a93e90c8ca0033222fb4fa285c40c  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.1.20060mdk.x86_64.rpm
 a616419d1dac42e6378568d506af3243  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.1.20060mdk.x86_64.rpm
 a2b13420b237f20594c99e67f41280b9  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.1.20060mdk.x86_64.rpm
 b123710dd7bac780cafa6b364d0c66c6  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.x86_64.rpm
 5b3c613b0cf4914f2ea7980bee0b1075  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

 Corporate Server 2.1:
 65625cf6d2423e08cb55aa3072ea8bc0  corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.i586.rpm
 c2885652d48ee7ab99eb9d8cbd1c9b96  corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.i586.rpm
 46d494dc83316008bc9d42afe1d3cae1  corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.i586.rpm
 8dbb15a50d95c1eb6ce10a196ded4a33  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.i586.rpm
 f59c7c98fbf88e7b9fdc4b8700b57c73  corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 f8a50f3bdd54476f4feddaf38766e327  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.x86_64.rpm
 6a27ba65a07c0bfd85d6af99c458b16e  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.x86_64.rpm
 834b25ee89971b460f2d4e5b30a43d70  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.x86_64.rpm
 b4af9bc083105212ce679785a563f848  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.x86_64.rpm
 f59c7c98fbf88e7b9fdc4b8700b57c73  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

 Corporate 3.0:
 3e938fac8a5ab8a63d00b09b9da396e4  corporate/3.0/RPMS/libtiff3-3.5.7-11.8.C30mdk.i586.rpm
 b69459e20122fd6eb003c6b3b156a7c4  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.8.C30mdk.i586.rpm
 883ee31b2a0dda864356d834e79651fc  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.8.C30mdk.i586.rpm
 86b6d48a497624f5adc80d8729e654a1  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.i586.rpm
 f834190347e2d9882bac86ac8ee6bb16  corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3d3ee562fb7d7503c21fa54f163fe061  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.8.C30mdk.x86_64.rpm
 42b9a9ffd0e4895d434319d848f841bf  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.8.C30mdk.x86_64.rpm
 3952bcda92d9825531f8cec3a038ea67  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.8.C30mdk.x86_64.rpm
 074665c6eb7034690e3631e1d8daa8f3  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.x86_64.rpm
 f834190347e2d9882bac86ac8ee6bb16  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 b63546d645da0f9c2ef4c70e7e0180c2  mnf/2.0/RPMS/libtiff3-3.5.7-11.8.M20mdk.i586.rpm
 1871103683da18c6621fca20f600e2a9  mnf/2.0/SRPMS/libtiff-3.5.7-11.8.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD9hdSmqjQ0CJFipgRAjhIAKDw53VTb92zjEFsG2zoShRhngc6ewCfdZjl
JsCiG5atLjW6h+ZGC4txfMc=
=WYx8
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ