|
|
| Problem Description |
Multiple vulnerabilities has been found and corrected in libtiff:
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).
Fix several places in tiff2rgba and rgb2ycbcr that were being careless
about possible integer overflow in calculation of buffer sizes
(CVE-2009-2347).
This update provides fixes for these vulnerabilities.
| Updated Packages |
Corporate Server 3.0
5e5facf365d83f647ba3b1c0afecb8c8 corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm 288ab11a153d4df48c4fadadfab0b653 corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm 0fa52891fc9cafff6d4b6de9d8a23262 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm c4ba5b9ab1caf7cff8addc84d778f4d4 corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm 72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
Corporate Server 3.0/X86_64
092479cb8de7b269197d06595b68f71c corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm ea7f46c3e639d24f40449b599f5b2382 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm b414cd225488b9a68bbfc611fc72924f corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm 9f008c60f557b086915e65e78a56ecfd corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm 72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
Multi Network Firewall 2.0
134c05da89014e53836b7e6a230a766d mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm 81c805e63e9c9c98e135c9b7a6cc1925 mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm 9aa2e598ce292505a2ef2f3718401e05 mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm cefb377ab47ead9e47594e9b9e78b676 mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm b34af1bd2ec1986ff9dc65efe5d87c43 mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
Corporate Server 4.0
25cd088ef8715634db5dedd68611125e corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm e0df8bc6f18fa4e8585734a1541e6849 corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm b44feabddefea2f192782b6ae313045c corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm 8beb0af53dd07fb685c61a507dda9a00 corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
36e6479eacb594dfbb34deff16b99ba5 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm 0c37e2b3981cb44f25734ad4903aad11 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm 08a1408d4aef9a858900c2e7444d2b66 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm ff20e3e86ddb53df420bb3ce78f894ac corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm
Mandriva Linux 2008.1
7c56d843d17efce1717654ceb4efe3e1 2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm 9d02ed754eafe7a33b2fb4b5a8e7b1d1 2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm 619b12e1013c645db1aca659b1ea6805 2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm 5d94641411d637493e7e413045fa82a9 2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm 73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64
52e0eb4a0230bbdb245b787ba53c0903 2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm 147525496bca6fcee3a741f2350e8441 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm c4ed6f9405dcb64edfebba00272f7596 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm 0844ecf1e6941fbde9fc358e34a3136e 2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm 73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm
Mandriva Linux 2009.0
75efa7472bffceaecb10016c22621de7 2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm aa82f5e49bb942688cbc85d55318b290 2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm 0a93799b79a70ab2a900d12030907e78 2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm efe9ac463f0b551859c8349c8c63e288 2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm 52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64
89138d743bbf89abf1f0f879bc2ed829 2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm f5f55f26af4641878dc3a057a764f83a 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm 5a99217d3a034504b4fc4d120764d793 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm 5abd09147419ec5b4008306a424c22d8 2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm 52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm
Mandriva Linux 2009.1
0a1eace7d782a42df040267874fed9f1 2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm 7dd6bd104131b115130e6feeba9d4766 2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm 32658d8a98def2e32a757bfb6ea64d28 2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm 53d18d66fc849a6128e5961d95892e7c 2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm 27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64
26516d312785c5f9e2a5f37e1651ffbb 2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm 91e72dcc4d1866b7978dfcd493393d2e 2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm 9a4d6177df03395106d00e7f8a009e2b 2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm b0cffa6ebb21e850847089cad50f1e7a 2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm 27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.