LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: libtiff multiple vulnerabilities fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Mandrake Several vulnerabilities have been discovered in the libtiff package.

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libtiff
 Advisory ID:            MDKSA-2005:001
 Date:                   January 6th, 2005

 Affected versions:      10.0, 10.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Several vulnerabilities have been discovered in the libtiff package:

 iDefense reported the possibility of remote exploitation of an integer
 overflow in libtiff that may allow for the execution of arbitrary code.

 The overflow occurs in the parsing of TIFF files set with the
 STRIPOFFSETS flag.

 iDefense also reported a heap-based buffer overflow vulnerability
 within the LibTIFF package could allow attackers to execute arbitrary
 code. (CAN-2004-1308)

 The vulnerability specifically exists due to insufficient validation of
 user-supplied data when calculating the size of a directory entry.

 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
 ______________________________________________________________________

 Updated Packages:

 Mandrakelinux 10.0:
 26419ea5f9e775c45927a2bea2eb25ff  10.0/RPMS/libtiff-progs-3.5.7-11.5.100mdk.i586.rpm
 cfb638e4f6150118347cef61e699d755  10.0/RPMS/libtiff3-3.5.7-11.5.100mdk.i586.rpm
 d76678e5f4d536deff8f5ec21a25b108  10.0/RPMS/libtiff3-devel-3.5.7-11.5.100mdk.i586.rpm
 61d7b33454e6d722e0626a25fc96a6d3  10.0/RPMS/libtiff3-static-devel-3.5.7-11.5.100mdk.i586.rpm
 0e93d8581db6de31c2cca71a7d8a9d9e  10.0/SRPMS/libtiff-3.5.7-11.5.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 f5a13fd14f3e4b6bd2543338e9ce4673  amd64/10.0/RPMS/lib64tiff3-3.5.7-11.5.100mdk.amd64.rpm
 cb7a9496c0336a50a6b586b634d273e6  amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.5.100mdk.amd64.rpm
 c7e9ae6e41e528275056586c61b57a33  amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.5.100mdk.amd64.rpm
 a7833fbba64ccf3034ea94db771a6ecf  amd64/10.0/RPMS/libtiff-progs-3.5.7-11.5.100mdk.amd64.rpm
 0e93d8581db6de31c2cca71a7d8a9d9e  amd64/10.0/SRPMS/libtiff-3.5.7-11.5.100mdk.src.rpm

 Mandrakelinux 10.1:
 844326b002681b1fbad9c373928bcc22  10.1/RPMS/libtiff-progs-3.6.1-4.3.101mdk.i586.rpm
 fc39dc40b6e4602cd11dbaaaaa8ccbfc  10.1/RPMS/libtiff3-3.6.1-4.3.101mdk.i586.rpm
 0831a29e721e3b34299a382c565b39be  10.1/RPMS/libtiff3-devel-3.6.1-4.3.101mdk.i586.rpm
 4de78902949d1da955531dfcc18ea673  10.1/RPMS/libtiff3-static-devel-3.6.1-4.3.101mdk.i586.rpm
 3bbd5c84878f47f0aeb6a29808daf075  10.1/SRPMS/libtiff-3.6.1-4.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 a194eae967e8b4de9b69600dea3aa154  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.3.101mdk.x86_64.rpm
 03113ffb0e828e5435a75f225b639d79  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.3.101mdk.x86_64.rpm
 8799ead4440d3ed03bdb7a135b297fd2  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.3.101mdk.x86_64.rpm
 2a5fa5a22cb394313449f12a99ced13f  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.3.101mdk.x86_64.rpm
 3bbd5c84878f47f0aeb6a29808daf075  x86_64/10.1/SRPMS/libtiff-3.6.1-4.3.101mdk.src.rpm

 Corporate Server 2.1:
 ff96fd5e53c8658a300705feb1bf64d7  corporate/2.1/RPMS/libtiff3-3.5.7-5.5.C21mdk.i586.rpm
 ac7e1c4f37efd05bf0df7b55b3abdefa  corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.5.C21mdk.i586.rpm
 28f4daec69cc9edbb7eca8711cb38d2f  corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.5.C21mdk.i586.rpm
 1f061eeb03c4731df3601aa7b9c2ef55  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.5.C21mdk.i586.rpm
 a2275152fe3f3959e3b954044df03a7b  corporate/2.1/SRPMS/libtiff-3.5.7-5.5.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 153f5197d22280627cfa5b35878aa5e7  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-5.5.C21mdk.x86_64.rpm
 ddca70adfa8fc09333c020be403010ab  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.5.C21mdk.x86_64.rpm
 be2dd3bdeadfe2a4d6e2c357ff72304b  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.5.C21mdk.x86_64.rpm
 3f85152064fae9bed20168b3728af1ae  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.5.C21mdk.x86_64.rpm
 a2275152fe3f3959e3b954044df03a7b  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-5.5.C21mdk.src.rpm

 Mandrakelinux 9.2:
 741e8f3ef01a5d16dd0c01d918860777  9.2/RPMS/libtiff-progs-3.5.7-11.5.92mdk.i586.rpm
 6346717fb39bc05185d29032d9844320  9.2/RPMS/libtiff3-3.5.7-11.5.92mdk.i586.rpm
 46a7727bf95b6d76bdcfce4e5a70c15d  9.2/RPMS/libtiff3-devel-3.5.7-11.5.92mdk.i586.rpm
 f3798634944b9ef94390ce06c20df998  9.2/RPMS/libtiff3-static-devel-3.5.7-11.5.92mdk.i586.rpm
 36e2ac6e7e96cfbd428149b3c9ccab55  9.2/SRPMS/libtiff-3.5.7-11.5.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 f81aa073cce93dd18fc35dc2ea0f3d9c  amd64/9.2/RPMS/lib64tiff3-3.5.7-11.5.92mdk.amd64.rpm
 f6e36bd732e8ccb00d873c7470251510  amd64/9.2/RPMS/lib64tiff3-devel-3.5.7-11.5.92mdk.amd64.rpm
 c60bb908bb2815451da0a3d57eccaf1f  amd64/9.2/RPMS/lib64tiff3-static-devel-3.5.7-11.5.92mdk.amd64.rpm
 67e5ce5b674c882bcca3974e6a2edc3b  amd64/9.2/RPMS/libtiff-progs-3.5.7-11.5.92mdk.amd64.rpm
 36e2ac6e7e96cfbd428149b3c9ccab55  amd64/9.2/SRPMS/libtiff-3.5.7-11.5.92mdk.src.rpm

 Multi Network Firewall 8.2:
 bd75dfaf6447560450d6d0f28d0817d8  mnf8.2/RPMS/libtiff3-3.5.5-9.5.M82mdk.i586.rpm
 e1c84b55ff13da157156a0ff67185c81  mnf8.2/SRPMS/libtiff-3.5.5-9.5.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.