MDVSA-2009:169-1
- Package name
- libtiff
- Date
- 2009-12-03
- Advisory ID
- MDVSA-2009:169-1
- Affected versions
- 2008.0 i586 , 2008.0 x86_64
Problem description
Multiple vulnerabilities has been found and corrected in libtiff:
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).
Fix several places in tiff2rgba and rgb2ycbcr that were being careless
about possible integer overflow in calculation of buffer sizes
(CVE-2009-2347).
This update provides fixes for these vulnerabilities.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
Updated packages
2008.0 i586
6942dec4f625c5ca859cbf2c35445d19 2008.0/i586/libtiff3-3.8.2-8.2mdv2008.0.i586.rpm 693b50058e610310fe22274ebcbd4a5e 2008.0/i586/libtiff3-devel-3.8.2-8.2mdv2008.0.i586.rpm 63c42fbe6a60eb5c5c0614d1b1ca6495 2008.0/i586/libtiff3-static-devel-3.8.2-8.2mdv2008.0.i586.rpm cf3bbc57b9eade53f75dfc5b28de96c6 2008.0/i586/libtiff-progs-3.8.2-8.2mdv2008.0.i586.rpm dd7d7876d10944c42ca76e8c71eb4c35 2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm
2008.0 x86_64
b4c14d385a14e9dbca6ccf1c37cdf1a4 2008.0/x86_64/lib64tiff3-3.8.2-8.2mdv2008.0.x86_64.rpm 97329de609ab88d18dccee7631825466 2008.0/x86_64/lib64tiff3-devel-3.8.2-8.2mdv2008.0.x86_64.rpm 0740aa57941c1b9413b463ef7267138d 2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.2mdv2008.0.x86_64.rpm 8f5619fd9995c58d83cf5c6b44576452 2008.0/x86_64/libtiff-progs-3.8.2-8.2mdv2008.0.x86_64.rpm dd7d7876d10944c42ca76e8c71eb4c35 2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm