lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P1KyL-0003tX-1P@titan.mandriva.com>
Date: Thu, 30 Sep 2010 17:23:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:190 ] libtiff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:190
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : September 30, 2010
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in libtiff:
 
 libtiff allows remote attackers to cause a denial of service (memory
 corruption) or possibly execute arbitrary code via a crafted TIFF image
 (CVE-2010-3087).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 8da5ca0cc2a92b092601d1185525da3c  2010.0/i586/libtiff3-3.9.1-4.2mdv2010.0.i586.rpm
 1b974411049709e02efa46b455165101  2010.0/i586/libtiff-devel-3.9.1-4.2mdv2010.0.i586.rpm
 8b432e1863bb2dbd24a694b4b64cad89  2010.0/i586/libtiff-progs-3.9.1-4.2mdv2010.0.i586.rpm
 0c7d5f731a4abd9f7d784af1515cd4b2  2010.0/i586/libtiff-static-devel-3.9.1-4.2mdv2010.0.i586.rpm 
 da91763837c44f372b99b7e2acd75a78  2010.0/SRPMS/libtiff-3.9.1-4.2mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 7fc11e665c9cdb28746a71f598d0487d  2010.0/x86_64/lib64tiff3-3.9.1-4.2mdv2010.0.x86_64.rpm
 868a7bae3f7a398b8dbfa14bab49b6bc  2010.0/x86_64/lib64tiff-devel-3.9.1-4.2mdv2010.0.x86_64.rpm
 7e9bb51eaef512e5789c4536fed505a0  2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.2mdv2010.0.x86_64.rpm
 d3a539d687681d3f4969d15648fc3fc7  2010.0/x86_64/libtiff-progs-3.9.1-4.2mdv2010.0.x86_64.rpm 
 da91763837c44f372b99b7e2acd75a78  2010.0/SRPMS/libtiff-3.9.1-4.2mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 d84de6ef887a4ec845b40c057b0867d2  2010.1/i586/libtiff3-3.9.2-2.2mdv2010.1.i586.rpm
 0bfe226ddb052019e2bd968b63f5b7e5  2010.1/i586/libtiff-devel-3.9.2-2.2mdv2010.1.i586.rpm
 805a4481b8cd4a534c5bd726c8d69d3e  2010.1/i586/libtiff-progs-3.9.2-2.2mdv2010.1.i586.rpm
 ff5e230a1846486cb2fd9890979e0904  2010.1/i586/libtiff-static-devel-3.9.2-2.2mdv2010.1.i586.rpm 
 bf48dc03b25d28066efdb425467c582a  2010.1/SRPMS/libtiff-3.9.2-2.2mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 7e2f4e77a6a21b6d40e56ba749255663  2010.1/x86_64/lib64tiff3-3.9.2-2.2mdv2010.1.x86_64.rpm
 2cb3d2b40dab319c05e4433459f58d9a  2010.1/x86_64/lib64tiff-devel-3.9.2-2.2mdv2010.1.x86_64.rpm
 2bf4e1e3af663a6e5302569bf0c83e85  2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.2mdv2010.1.x86_64.rpm
 70a28d16e45cdf605b8934db1d0b19bd  2010.1/x86_64/libtiff-progs-3.9.2-2.2mdv2010.1.x86_64.rpm 
 bf48dc03b25d28066efdb425467c582a  2010.1/SRPMS/libtiff-3.9.2-2.2mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMpH9WmqjQ0CJFipgRAil5AKCchlHDq/bl6HytFb8emgYjMpZI9gCg08CY
iRNp2xK+hnb6aKx2Y1GDp7E=
=+u1+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ