_______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:042 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libtiff Date : February 17, 2006 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.1: 9530bfcd8e569b46eba4dd512e0bfe5a 10.1/RPMS/libtiff3-3.6.1-4.5.101mdk.i586.rpm 483c2c0896b6cf200e7c51311b074a27 10.1/RPMS/libtiff3-devel-3.6.1-4.5.101mdk.i586.rpm 07cbbe83a27bd3a92c23bcff410f3e13 10.1/RPMS/libtiff3-static-devel-3.6.1-4.5.101mdk.i586.rpm 5bbdf0e8b3d5e9cc98a0c291d9629f1a 10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.i586.rpm 3a506f7863e4763bedfd59eace7fa35d 10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm Mandriva Linux 10.1/X86_64: 654b54562e56514e58ef4399994828fa x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.5.101mdk.x86_64.rpm 343bbae6a7abe46b24a202a02821a07e x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.5.101mdk.x86_64.rpm 6d0de9e296c970d08a564083e21a2786 x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.5.101mdk.x86_64.rpm 7e0eccb8d37af9b708b388a6d4d75d54 x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.5.101mdk.x86_64.rpm 3a506f7863e4763bedfd59eace7fa35d x86_64/10.1/SRPMS/libtiff-3.6.1-4.5.101mdk.src.rpm Mandriva Linux 10.2: c068584c7aa1ae89efb36ce0c5b14160 10.2/RPMS/libtiff3-3.6.1-11.2.102mdk.i586.rpm 6eb5cf9446d9a496e8aae64dc7492c2b 10.2/RPMS/libtiff3-devel-3.6.1-11.2.102mdk.i586.rpm 45f8f2c2150e0a61987f5cfd260e8b95 10.2/RPMS/libtiff3-static-devel-3.6.1-11.2.102mdk.i586.rpm 506c68775de8e38d241ffe9b3781157f 10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.i586.rpm f7e150907d233e23ef76ea789b2d7c44 10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: d1bceb9a12fed4fbcd0649252a1ecd1b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.2.102mdk.x86_64.rpm 1a434979ec411035eae2374a65642f52 x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.2.102mdk.x86_64.rpm 9b1cf2d651f192e8791ee334c1992708 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.2.102mdk.x86_64.rpm ca642fa17270dcd6a6ac7b09b00be8e3 x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.2.102mdk.x86_64.rpm f7e150907d233e23ef76ea789b2d7c44 x86_64/10.2/SRPMS/libtiff-3.6.1-11.2.102mdk.src.rpm Mandriva Linux 2006.0: a348fb50ca0b796b8de29c5a73d948cd 2006.0/RPMS/libtiff3-3.6.1-12.1.20060mdk.i586.rpm c8b9e7ac743064143fa4e2ec33d7a0be 2006.0/RPMS/libtiff3-devel-3.6.1-12.1.20060mdk.i586.rpm 423e3c0e276dc3cbd2133f28c4455a01 2006.0/RPMS/libtiff3-static-devel-3.6.1-12.1.20060mdk.i586.rpm a662c2a15e11ce1904f1c2b16e307b47 2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.i586.rpm 5b3c613b0cf4914f2ea7980bee0b1075 2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 412a93e90c8ca0033222fb4fa285c40c x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.1.20060mdk.x86_64.rpm a616419d1dac42e6378568d506af3243 x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.1.20060mdk.x86_64.rpm a2b13420b237f20594c99e67f41280b9 x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.1.20060mdk.x86_64.rpm b123710dd7bac780cafa6b364d0c66c6 x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.1.20060mdk.x86_64.rpm 5b3c613b0cf4914f2ea7980bee0b1075 x86_64/2006.0/SRPMS/libtiff-3.6.1-12.1.20060mdk.src.rpm Corporate Server 2.1: 65625cf6d2423e08cb55aa3072ea8bc0 corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.i586.rpm c2885652d48ee7ab99eb9d8cbd1c9b96 corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.i586.rpm 46d494dc83316008bc9d42afe1d3cae1 corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.i586.rpm 8dbb15a50d95c1eb6ce10a196ded4a33 corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.i586.rpm f59c7c98fbf88e7b9fdc4b8700b57c73 corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm Corporate Server 2.1/X86_64: f8a50f3bdd54476f4feddaf38766e327 x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.3.C21mdk.x86_64.rpm 6a27ba65a07c0bfd85d6af99c458b16e x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.3.C21mdk.x86_64.rpm 834b25ee89971b460f2d4e5b30a43d70 x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.3.C21mdk.x86_64.rpm b4af9bc083105212ce679785a563f848 x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.3.C21mdk.x86_64.rpm f59c7c98fbf88e7b9fdc4b8700b57c73 x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.3.C21mdk.src.rpm Corporate 3.0: 3e938fac8a5ab8a63d00b09b9da396e4 corporate/3.0/RPMS/libtiff3-3.5.7-11.8.C30mdk.i586.rpm b69459e20122fd6eb003c6b3b156a7c4 corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.8.C30mdk.i586.rpm 883ee31b2a0dda864356d834e79651fc corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.8.C30mdk.i586.rpm 86b6d48a497624f5adc80d8729e654a1 corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.i586.rpm f834190347e2d9882bac86ac8ee6bb16 corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm Corporate 3.0/X86_64: 3d3ee562fb7d7503c21fa54f163fe061 x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.8.C30mdk.x86_64.rpm 42b9a9ffd0e4895d434319d848f841bf x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.8.C30mdk.x86_64.rpm 3952bcda92d9825531f8cec3a038ea67 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.8.C30mdk.x86_64.rpm 074665c6eb7034690e3631e1d8daa8f3 x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.8.C30mdk.x86_64.rpm f834190347e2d9882bac86ac8ee6bb16 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.8.C30mdk.src.rpm Multi Network Firewall 2.0: b63546d645da0f9c2ef4c70e7e0180c2 mnf/2.0/RPMS/libtiff3-3.5.7-11.8.M20mdk.i586.rpm 1871103683da18c6621fca20f600e2a9 mnf/2.0/SRPMS/libtiff-3.5.7-11.8.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFD9hdSmqjQ0CJFipgRAjhIAKDw53VTb92zjEFsG2zoShRhngc6ewCfdZjl JsCiG5atLjW6h+ZGC4txfMc= =WYx8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/