Package name
libtiff
Date
2009-07-13
Advisory ID
MDVSA-2009:150
Affected versions
2009.0 x86_64, CS4.0 x86_64, MNF2.0 i586, 2009.1 i586, 2009.0 i586, 2008.1 i586, CS3.0 x86_64, CS4.0 i586, CS3.0 i586, 2008.1 x86_64, 2009.1 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in libtiff:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).

Several places in tiff2rgba and rgb2ycbcr were careless about possible
integer overflow in the calculation of buffer sizes (CVE-2009-2347).
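
The bug class behind CVE-2009-2347, shown as an added example (this is not libtiff's code or the actual patch): a raster buffer size computed from image dimensions in 32-bit arithmetic wraps silently, while the checked form rejects the image before allocating. The function names, the `max_bytes` limit and the sample dimensions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Careless form: the product is taken modulo 2^32, so very large
 * dimensions can produce a small "size" and an undersized buffer. */
uint32_t raster_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: succeeds (returns 0) only when width * height * bpp
 * is non-zero and does not exceed max_bytes. Division is used so that
 * no intermediate product can overflow. Returns -1 otherwise. */
int raster_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    size_t limit_pixels = max_bytes / bpp;   /* most pixels that fit */
    if (height > limit_pixels)
        return -1;
    if (width > limit_pixels / height)
        return -1;
    *out = (size_t)width * height * bpp;     /* proven <= max_bytes */
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions: 65537 x 65536 pixels, 4 bytes each. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 4u;
    size_t n = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)raster_size_unchecked(w, h, bpp));
    if (raster_size_checked(w, h, bpp, (size_t)1 << 30, &n) != 0)
        printf("checked: rejected, size exceeds limit\n");
    return 0;
}
```
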

This update provides fixes for these vulnerabilities.

Updated packages

2009.0 x86_64

 89138d743bbf89abf1f0f879bc2ed829  2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm
 f5f55f26af4641878dc3a057a764f83a  2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
 5a99217d3a034504b4fc4d120764d793  2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
 5abd09147419ec5b4008306a424c22d8  2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm 
 52799196d155f1582dbf5a76ffd93e0e  2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

CS4.0 x86_64

 36e6479eacb594dfbb34deff16b99ba5  corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm
 0c37e2b3981cb44f25734ad4903aad11  corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
 08a1408d4aef9a858900c2e7444d2b66  corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
 ff20e3e86ddb53df420bb3ce78f894ac  corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm 
 b205c0dc185b0a55bd5521d3f6e416f0  corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

MNF2.0 i586

 134c05da89014e53836b7e6a230a766d  mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
 81c805e63e9c9c98e135c9b7a6cc1925  mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
 9aa2e598ce292505a2ef2f3718401e05  mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
 cefb377ab47ead9e47594e9b9e78b676  mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm 
 b34af1bd2ec1986ff9dc65efe5d87c43  mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

2009.1 i586

 0a1eace7d782a42df040267874fed9f1  2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm
 7dd6bd104131b115130e6feeba9d4766  2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm
 32658d8a98def2e32a757bfb6ea64d28  2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm
 53d18d66fc849a6128e5961d95892e7c  2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm 
 27b6b2d285832c2ab5e8a2c25a6102b3  2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

2009.0 i586

 75efa7472bffceaecb10016c22621de7  2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm
 aa82f5e49bb942688cbc85d55318b290  2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm
 0a93799b79a70ab2a900d12030907e78  2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm
 efe9ac463f0b551859c8349c8c63e288  2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm 
 52799196d155f1582dbf5a76ffd93e0e  2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

2008.1 i586

 7c56d843d17efce1717654ceb4efe3e1  2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm
 9d02ed754eafe7a33b2fb4b5a8e7b1d1  2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm
 619b12e1013c645db1aca659b1ea6805  2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm
 5d94641411d637493e7e413045fa82a9  2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm 
 73795a036f1b81ca0c1233df6f7d8fad  2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

CS3.0 x86_64

 092479cb8de7b269197d06595b68f71c  corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm
 ea7f46c3e639d24f40449b599f5b2382  corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm
 b414cd225488b9a68bbfc611fc72924f  corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm
 9f008c60f557b086915e65e78a56ecfd  corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm 
 72c81050e7296c63de08282f2f369283  corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

CS4.0 i586

 25cd088ef8715634db5dedd68611125e  corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm
 e0df8bc6f18fa4e8585734a1541e6849  corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm
 b44feabddefea2f192782b6ae313045c  corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm
 8beb0af53dd07fb685c61a507dda9a00  corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm 
 b205c0dc185b0a55bd5521d3f6e416f0  corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

CS3.0 i586

 5e5facf365d83f647ba3b1c0afecb8c8  corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
 288ab11a153d4df48c4fadadfab0b653  corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
 0fa52891fc9cafff6d4b6de9d8a23262  corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
 c4ba5b9ab1caf7cff8addc84d778f4d4  corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm 
 72c81050e7296c63de08282f2f369283  corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

2008.1 x86_64

 52e0eb4a0230bbdb245b787ba53c0903  2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm
 147525496bca6fcee3a741f2350e8441  2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
 c4ed6f9405dcb64edfebba00272f7596  2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
 0844ecf1e6941fbde9fc358e34a3136e  2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm 
 73795a036f1b81ca0c1233df6f7d8fad  2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

2009.1 x86_64

 26516d312785c5f9e2a5f37e1651ffbb  2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm
 91e72dcc4d1866b7978dfcd493393d2e  2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
 9a4d6177df03395106d00e7f8a009e2b  2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
 b0cffa6ebb21e850847089cad50f1e7a  2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm 
 27b6b2d285832c2ab5e8a2c25a6102b3  2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

References