LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:127: libtiff Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability was found and corrected in libtiff: A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:127
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : August 8, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found and corrected in libtiff:
 
 A heap-based buffer overflow flaw was found in the way tiff2pdf, a
 TIFF image to a PDF document conversion tool, of libtiff, a library
 of functions for manipulating TIFF (Tagged Image File Format) image
 format files, performed write of TIFF image content into particular PDF
 document file, when not properly initialized T2P context struct pointer
 has been provided by tiff2pdf (application requesting the conversion)
 as one of parameters for the routine performing the write. A remote
 attacker could provide a specially-crafted TIFF image format file,
 that when processed by tiff2pdf would lead to tiff2pdf executable
 crash or, potentially, arbitrary code execution with the privileges
 of the user running the tiff2pdf binary (CVE-2012-3401).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 415c8a711e94429c4187a4620f9d3eec  2011/i586/libtiff3-3.9.5-1.3-mdv2011.0.i586.rpm
 b99c8d1bfa16a1158a3e03692ba56335  2011/i586/libtiff-devel-3.9.5-1.3-mdv2011.0.i586.rpm
 a96608f5fae7aa711d1b64cbc76ca752  2011/i586/libtiff-progs-3.9.5-1.3-mdv2011.0.i586.rpm
 11a1fb628ef761d33294aef1eff34565  2011/i586/libtiff-static-devel-3.9.5-1.3-mdv2011.0.i586.rpm 
 9a9505df7408b0c75192ac502fd18504  2011/SRPMS/libtiff-3.9.5-1.3.src.rpm

 Mandriva Linux 2011/X86_64:
 c18a5d5069de99d93b3411998e6960d0  2011/x86_64/lib64tiff3-3.9.5-1.3-mdv2011.0.x86_64.rpm
 e326395e5ddf305ac322d1c57f436cd4  2011/x86_64/lib64tiff-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm
 c8de4431798dcbd235c82e8764d348ad  2011/x86_64/lib64tiff-static-devel-3.9.5-1.3-mdv2011.0.x86_64.rpm
 ba66bfb07baed4c0848a64c2b7d94183  2011/x86_64/libtiff-progs-3.9.5-1.3-mdv2011.0.x86_64.rpm 
 9a9505df7408b0c75192ac502fd18504  2011/SRPMS/libtiff-3.9.5-1.3.src.rpm

 Mandriva Enterprise Server 5:
 3e94f2cd1306ce817f03b9e0d383d87a  mes5/i586/libtiff3-3.8.2-12.8mdvmes5.2.i586.rpm
 c08735b0c0f665235f422b05b59aaaae  mes5/i586/libtiff3-devel-3.8.2-12.8mdvmes5.2.i586.rpm
 fad7566f026aefd3fbae97f48e02aa91  mes5/i586/libtiff3-static-devel-3.8.2-12.8mdvmes5.2.i586.rpm
 1b5263306ed5890541f2ebcd5374aad9  mes5/i586/libtiff-progs-3.8.2-12.8mdvmes5.2.i586.rpm 
 4c0ee36afa646eaeaae78bdf425c399d  mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 09c6eddf7c45e53fe672c40fdefc7f6f  mes5/x86_64/lib64tiff3-3.8.2-12.8mdvmes5.2.x86_64.rpm
 7cde1e5ae217118a09ab14b898e59563  mes5/x86_64/lib64tiff3-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm
 af9cb316c7a9a130267d089c1cfd64a5  mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.8mdvmes5.2.x86_64.rpm
 2a716b33ff39a3518f57a4757c6c585c  mes5/x86_64/libtiff-progs-3.8.2-12.8mdvmes5.2.x86_64.rpm 
 4c0ee36afa646eaeaae78bdf425c399d  mes5/SRPMS/libtiff-3.8.2-12.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds
Linux Kernel Development Gets Two-Factor Authentication
Hacking cars and traffic lights at Def Con
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.