Package name
libtiff
Date
2009-07-28
Advisory ID
MDVSA-2009:169
Affected versions
MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in libtiff:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).

Several places in tiff2rgba and rgb2ycbcr did not guard against
possible integer overflow when calculating buffer sizes
(CVE-2009-2347).

This update provides fixes for these vulnerabilities.
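
The integer-overflow class described for CVE-2009-2347, shown as an added example (not libtiff's code and not the patch shipped in this update): sizing a raster buffer from image dimensions, unchecked and checked. The function names, the 4-byte RGBA pixel size and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BYTES_PER_PIXEL 4u  /* assumption: one packed 32-bit RGBA pixel */

/* Unchecked: the product is computed in 32 bits and silently wraps. */
uint32_t raster_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked: stores the size and returns 0, or returns -1 when the
 * dimensions are empty or the size does not fit in 32 bits. */
int raster_bytes_checked(uint32_t width, uint32_t height, uint32_t *out)
{
    uint32_t row;

    if (width == 0 || height == 0)
        return -1;
    if (width > UINT32_MAX / BYTES_PER_PIXEL)
        return -1;
    row = width * BYTES_PER_PIXEL;
    if (height > UINT32_MAX / row)
        return -1;
    *out = row * height;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: the true size is just over 4 GiB. */
    uint32_t w = 0x8001u, h = 0x8000u, n = 0;

    printf("unchecked: %u bytes\n", (unsigned)raster_bytes_unchecked(w, h));
    if (raster_bytes_checked(w, h, &n) != 0)
        printf("checked: rejected %ux%u\n", (unsigned)w, (unsigned)h);
    if (raster_bytes_checked(640, 480, &n) == 0)
        printf("checked: 640x480 needs %u bytes\n", (unsigned)n);
    return 0;
}
```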

Updated packages

MES5 i586

 2bf7a1b4771704f7c72408fe6b944fc0  mes5/i586/libtiff3-3.8.2-12.2mdvmes5.i586.rpm
 9b004f438542b42434091ee7f2ff2423  mes5/i586/libtiff3-devel-3.8.2-12.2mdvmes5.i586.rpm
 7126e7bace7b14ec2b1f5c42960e0ccd  mes5/i586/libtiff3-static-devel-3.8.2-12.2mdvmes5.i586.rpm
 ca0f7e4b41bfb512ed4a0d92becb6586  mes5/i586/libtiff-progs-3.8.2-12.2mdvmes5.i586.rpm 
 53acba6f85576fbfbe2a4a24ab88520f  mes5/SRPMS/libtiff-3.8.2-12.2mdvmes5.src.rpm

MES5 x86_64

 b20069dd869817ebc68fdc97cf8e4b02  mes5/x86_64/lib64tiff3-3.8.2-12.2mdvmes5.x86_64.rpm
 f526910543ec8d419c4b3034a72e9aa3  mes5/x86_64/lib64tiff3-devel-3.8.2-12.2mdvmes5.x86_64.rpm
 fe09a51765724e741458509feec0b14a  mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.2mdvmes5.x86_64.rpm
 5795c86884009e482af8303c28436c04  mes5/x86_64/libtiff-progs-3.8.2-12.2mdvmes5.x86_64.rpm 
 53acba6f85576fbfbe2a4a24ab88520f  mes5/SRPMS/libtiff-3.8.2-12.2mdvmes5.src.rpm
