LinuxSecurity.com
Mandriva: Updated libtiff packages fix vulnerability
Posted by Benjamin D. Thomas   
Mandrake Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:042
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtiff
 Date    : February 17, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Stack-based buffer overflow in libTIFF before 3.7.2 allows remote
 attackers to execute arbitrary code via a TIFF file with a malformed
 BitsPerSample tag.  Although some of the previous updates appear to
 already catch this issue, this update adds some additional checks.
  
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 9530bfcd8e569b46eba4dd512e0bfe5a  10.1/RPMS/libtiff3-3.6.1-4.5.101mdk.i586.rpm
 483c2c0896b6cf200e7c51311b074a27  10.1/RPMS/libtiff3-devel-3.6.1-4.5.101mdk.i586.rpm
 07cbbe83a27bd3a92c23bcff410f3e13  10.1/RPMS/libtiff3-static-devel-3.6.1-4.5.101mdk.i586.rpm
 5bbdf0e8b3d5e9cc98a0c291d9629f1a  10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.i586.rpm
 3a506f7863e4763bedfd59eace7fa35d  10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 654b54562e56514e58ef4399994828fa  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.5.101mdk.x86_64.rpm
 343bbae6a7abe46b24a202a02821a07e  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.5.101mdk.x86_64.rpm
 6d0de9e296c970d08a564083e21a2786  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.5.101mdk.x86_64.rpm
 7e0eccb8d37af9b708b388a6d4d75d54  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.x86_64.rpm
 3a506f7863e4763bedfd59eace7fa35d  x86_64/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm

 Mandriva Linux 10.2:
 c068584c7aa1ae89efb36ce0c5b14160  10.2/RPMS/libtiff3-3.6.1-11.2.102mdk.i586.rpm
 6eb5cf9446d9a496e8aae64dc7492c2b  10.2/RPMS/libtiff3-devel-3.6.1-11.2.102mdk.i586.rpm
 45f8f2c2150e0a61987f5cfd260e8b95  10.2/RPMS/libtiff3-static-devel-3.6.1-11.2.102mdk.i586.rpm
 506c68775de8e38d241ffe9b3781157f  10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.i586.rpm
 f7e150907d233e23ef76ea789b2d7c44  10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 d1bceb9a12fed4fbcd0649252a1ecd1b  x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.2.102mdk.x86_64.rpm
 1a434979ec411035eae2374a65642f52  x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.2.102mdk.x86_64.rpm
 9b1cf2d651f192e8791ee334c1992708  x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.2.102mdk.x86_64.rpm
 ca642fa17270dcd6a6ac7b09b00be8e3  x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.x86_64.rpm
 f7e150907d233e23ef76ea789b2d7c44  x86_64/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 a348fb50ca0b796b8de29c5a73d948cd  2006.0/RPMS/libtiff3-3.6.1-12.1.20060mdk.i586.rpm
 c8b9e7ac743064143fa4e2ec33d7a0be  2006.0/RPMS/libtiff3-devel-3.6.1-12.1.20060mdk.i586.rpm
 423e3c0e276dc3cbd2133f28c4455a01  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.1.20060mdk.i586.rpm
 a662c2a15e11ce1904f1c2b16e307b47  2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.i586.rpm
 5b3c613b0cf4914f2ea7980bee0b1075  2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 412a93e90c8ca0033222fb4fa285c40c  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.1.20060mdk.x86_64.rpm
 a616419d1dac42e6378568d506af3243  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.1.20060mdk.x86_64.rpm
 a2b13420b237f20594c99e67f41280b9  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.1.20060mdk.x86_64.rpm
 b123710dd7bac780cafa6b364d0c66c6  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.x86_64.rpm
 5b3c613b0cf4914f2ea7980bee0b1075  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm

 Corporate Server 2.1:
 65625cf6d2423e08cb55aa3072ea8bc0  corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.i586.rpm
 c2885652d48ee7ab99eb9d8cbd1c9b96  corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.i586.rpm
 46d494dc83316008bc9d42afe1d3cae1  corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.i586.rpm
 8dbb15a50d95c1eb6ce10a196ded4a33  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.i586.rpm
 f59c7c98fbf88e7b9fdc4b8700b57c73  corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 f8a50f3bdd54476f4feddaf38766e327  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.x86_64.rpm
 6a27ba65a07c0bfd85d6af99c458b16e  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.x86_64.rpm
 834b25ee89971b460f2d4e5b30a43d70  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.x86_64.rpm
 b4af9bc083105212ce679785a563f848  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.x86_64.rpm
 f59c7c98fbf88e7b9fdc4b8700b57c73  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm

 Corporate 3.0:
 3e938fac8a5ab8a63d00b09b9da396e4  corporate/3.0/RPMS/libtiff3-3.5.7-11.8.C30mdk.i586.rpm
 b69459e20122fd6eb003c6b3b156a7c4  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.8.C30mdk.i586.rpm
 883ee31b2a0dda864356d834e79651fc  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.8.C30mdk.i586.rpm
 86b6d48a497624f5adc80d8729e654a1  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.i586.rpm
 f834190347e2d9882bac86ac8ee6bb16  corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 3d3ee562fb7d7503c21fa54f163fe061  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.8.C30mdk.x86_64.rpm
 42b9a9ffd0e4895d434319d848f841bf  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.8.C30mdk.x86_64.rpm
 3952bcda92d9825531f8cec3a038ea67  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.8.C30mdk.x86_64.rpm
 074665c6eb7034690e3631e1d8daa8f3  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.x86_64.rpm
 f834190347e2d9882bac86ac8ee6bb16  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 b63546d645da0f9c2ef4c70e7e0180c2  mnf/2.0/RPMS/libtiff3-3.5.7-11.8.M20mdk.i586.rpm
 1871103683da18c6621fca20f600e2a9  mnf/2.0/SRPMS/libtiff-3.5.7-11.8.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
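
The advisory says MandrivaUpdate and urpmi verify md5 checksums automatically. For packages fetched by hand, the same check can be run against the "Updated Packages" list above. The following is an added example, not part of the Mandriva advisory; the function name `verify_advisory` and its return codes are assumptions made for this illustration, and it expects the advisory text saved to a file and the downloaded RPMs in one directory.

```shell
#!/bin/sh
# Added example (not from the advisory): compare locally downloaded RPMs with
# the "<md5>  <path>.rpm" lines of a saved advisory text.
#
# verify_advisory ADVISORY_FILE RPM_DIR
#   returns 0 if every listed package found in RPM_DIR matches its checksum,
#           1 if at least one local package does not match,
#           2 if no listed package was found locally (nothing was verified).
verify_advisory() {
    advisory=$1
    dir=$2
    checked=0
    bad=0
    # Keep only manifest lines: optional indent, 32 hex digits, a path ending
    # in .rpm. Headings such as "Mandriva Linux 10.1:" are dropped.
    manifest=$(sed -n \
        's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]][[:space:]]*\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' \
        "$advisory")
    # A here-document (not a pipe) keeps the loop in this shell, so the
    # counters survive after the loop ends.
    while read -r want path; do
        [ -n "$want" ] || continue
        # The advisory lists mirror-relative paths; match on the file name.
        file="$dir/$(basename "$path")"
        [ -f "$file" ] || continue      # package not downloaded: skip it
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK        $file"
        else
            echo "MISMATCH  $file (advisory: $want, local: $got)"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$checked" -gt 0 ] || return 2
    return 0
}
```

A matching MD5 only shows the file is the one the advisory lists; authenticity comes from the GPG signature, which `rpm --checksig` checks once the Mandriva Security Team key has been imported.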