Package name: libtiff
Date: October 19th, 2004
Advisory ID: MDKSA-2004:109
Affected versions: 9.2, 10.0, 10.1, MNF8.2, CS2.1

Problem Description

Several vulnerabilities have been discovered in the libtiff package:

Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution.
(CAN-2004-0803)

Matthias Clasen discovered a division by zero through an integer
overflow. (CAN-2004-0804)

Dmitry V. Levin discovered several integer overflows that cause
malloc issues, which can result in either a plain crash or memory
corruption. (CAN-2004-0886)
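
The bug classes named above (a size computation that wraps before malloc, and a wrapped value later used as a divisor) can be shown in a few lines of C. This is an added illustration, not code from libtiff or from this advisory; the function names and the dimension values are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked size arithmetic (hypothetical helper, not libtiff code):
 * the 32-bit product silently wraps modulo 2^32. */
uint32_t buf_size_unchecked(uint32_t width, uint32_t rows, uint32_t bpp)
{
    return width * rows * bpp;
}

/* a * b with wraparound detection; returns 0 on overflow. */
static int mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Hardened size computation: rejects zero and overflowing dimensions. */
int buf_size_checked(uint32_t width, uint32_t rows, uint32_t bpp, uint32_t *size)
{
    uint32_t t;
    if (width == 0 || rows == 0 || bpp == 0)
        return 0;
    return mul_u32(width, rows, &t) && mul_u32(t, bpp, size);
}

/* Rows that fit in a buffer. A wrapped row size of 0 would be the divisor,
 * so the multiplication is checked before the division. */
int rows_per_buffer(uint32_t buf_bytes, uint32_t width, uint32_t bpp, uint32_t *rows)
{
    uint32_t row_bytes;
    if (!mul_u32(width, bpp, &row_bytes) || row_bytes == 0)
        return 0;
    *rows = buf_bytes / row_bytes;
    return 1;
}

int main(void)
{
    uint32_t v = 0;
    /* Constructed input: 0x10001 * 0x10000 = 2^32 + 65536, so malloc() would get 65536 bytes. */
    printf("unchecked size: %u\n", (unsigned)buf_size_unchecked(0x10001u, 0x10000u, 1));
    printf("checked ok:     %d\n", buf_size_checked(0x10001u, 0x10000u, 1, &v));
    /* Constructed input: 0x40000000 * 4 = 2^32 wraps to 0, the would-be divisor. */
    printf("rows ok:        %d\n", rows_per_buffer(8192, 0x40000000u, 4, &v));
    return 0;
}
```

An undersized allocation followed by a decoder writing the full image is what turns the wrapped size into a crash or memory corruption; rejecting the dimensions before allocating closes that path.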


Updated Packages

Mandrakelinux 9.2

 342e0d46d16b48bf732061c0c0aef9d6  9.2/RPMS/libtiff-progs-3.5.7-11.3.92mdk.i586.rpm
8d7505fbef628f238f0f8f6a2c4c4ce6  9.2/RPMS/libtiff3-3.5.7-11.3.92mdk.i586.rpm
3a5d661ee581b681ca2c66e3d7b0fad4  9.2/RPMS/libtiff3-devel-3.5.7-11.3.92mdk.i586.rpm
fd754879c44546c1d39568efbe7ebc32  9.2/RPMS/libtiff3-static-devel-3.5.7-11.3.92mdk.i586.rpm
7ababace2eca1f1dbfb230edb327e997  9.2/SRPMS/libtiff-3.5.7-11.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

 97281fdf37e1a5159b128e3db7b7066b  amd64/9.2/RPMS/lib64tiff3-3.5.7-11.3.92mdk.amd64.rpm
edeb5789fdc7aae046cdae4b2a5d9771  amd64/9.2/RPMS/lib64tiff3-devel-3.5.7-11.3.92mdk.amd64.rpm
ea32d0fd16551af256217c3b4e0abea0  amd64/9.2/RPMS/lib64tiff3-static-devel-3.5.7-11.3.92mdk.amd64.rpm
fe4055ad1f177b872b409613c0d57ba9  amd64/9.2/RPMS/libtiff-progs-3.5.7-11.3.92mdk.amd64.rpm
7ababace2eca1f1dbfb230edb327e997  amd64/9.2/SRPMS/libtiff-3.5.7-11.3.92mdk.src.rpm

Mandrakelinux 10.0

 576f3f4425bc5fd3964ee756c7b07911  10.0/RPMS/libtiff-progs-3.5.7-11.3.100mdk.i586.rpm
c90b3f50c9b77df8c371f67bfa3e2b70  10.0/RPMS/libtiff3-3.5.7-11.3.100mdk.i586.rpm
2d311351cccdaaa562c111df431b5991  10.0/RPMS/libtiff3-devel-3.5.7-11.3.100mdk.i586.rpm
97305d2953e6cb6803eed50258f986bf  10.0/RPMS/libtiff3-static-devel-3.5.7-11.3.100mdk.i586.rpm
5ed026a15c36fbf9549aab45e3b316a8  10.0/SRPMS/libtiff-3.5.7-11.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 fe25717aa92b9ab9605e56c698b3d503  amd64/10.0/RPMS/lib64tiff3-3.5.7-11.3.100mdk.amd64.rpm
1aa9f1f774688a7f2b0ff9eaf262b0bd  amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.3.100mdk.amd64.rpm
e54c029e1773c399ce5bf5ae10ff039c  amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.3.100mdk.amd64.rpm
9af6fface533b9154f31c9465ebe6627  amd64/10.0/RPMS/libtiff-progs-3.5.7-11.3.100mdk.amd64.rpm
5ed026a15c36fbf9549aab45e3b316a8  amd64/10.0/SRPMS/libtiff-3.5.7-11.3.100mdk.src.rpm

Mandrakelinux 10.1

 7dcb2330042ffaee65f56cfaf0553e4d  10.1/RPMS/libtiff-progs-3.6.1-4.1.101mdk.i586.rpm
b00b86dc87d2df8a5291f9b9f4072dc6  10.1/RPMS/libtiff3-3.6.1-4.1.101mdk.i586.rpm
b703ca13608128f0dd9082fa19a96e81  10.1/RPMS/libtiff3-devel-3.6.1-4.1.101mdk.i586.rpm
9184467d0082e2dc326aed69e62d942c  10.1/RPMS/libtiff3-static-devel-3.6.1-4.1.101mdk.i586.rpm
42ab2d8496c895d2eb148e690a173908  10.1/SRPMS/libtiff-3.6.1-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 4b6d19bdb6b92d1af4419d07bab26c07  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.1.101mdk.x86_64.rpm
d8fc0d774b7868b63a1eebca47b7985b  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.1.101mdk.x86_64.rpm
e1372c616d8c2b7e554b4ece876f94dd  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.1.101mdk.x86_64.rpm
147017e9ae739510b2a4cc4aefe35089  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.1.101mdk.x86_64.rpm
42ab2d8496c895d2eb148e690a173908  x86_64/10.1/SRPMS/libtiff-3.6.1-4.1.101mdk.src.rpm

Multi Network Firewall 8.2

 b0f9f6c27d00b5108df636362c6257a0  mnf8.2/RPMS/libtiff3-3.5.5-9.3.M82mdk.i586.rpm
379fd60beb9138056a957ccbd026da69  mnf8.2/SRPMS/libtiff-3.5.5-9.3.M82mdk.src.rpm

Corporate Server 2.1

 6c4379d187d9ec039662798e9b362355  corporate/2.1/RPMS/libtiff3-3.5.7-5.3.C21mdk.i586.rpm
85c13f580bb2d63d4d58abc1aaacc2cb  corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.3.C21mdk.i586.rpm
e3777ef5ae71981647917a33e1c61dc5  corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.3.C21mdk.i586.rpm
814c3358360b600e6315809014ba6d0f  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.3.C21mdk.i586.rpm
8f2e9fe94535910dfddac0f808857b21  corporate/2.1/SRPMS/libtiff-3.5.7-5.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 7a1e261ba70abb98379c25a0137d3262  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-5.3.C21mdk.x86_64.rpm
56922155c2d3b3f5701523e5a435091b  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.3.C21mdk.x86_64.rpm
f108ffef73d357abe75745f4127e2003  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.3.C21mdk.x86_64.rpm
8492ab4eb68912cb7c68094b1f2ad4d2  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.3.C21mdk.x86_64.rpm
8f2e9fe94535910dfddac0f808857b21  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-5.3.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.