Package name
libtiff
Date
2009-12-03
Advisory ID
MDVSA-2009:169-1
Affected versions
2008.0 i586, 2008.0 x86_64

Problem description

Multiple vulnerabilities have been found and corrected in libtiff:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).

Several places in tiff2rgba and rgb2ycbcr were careless about possible
integer overflow in the calculation of buffer sizes (CVE-2009-2347).
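
The class of defect behind CVE-2009-2347, shown as an added example that is
not libtiff's code or the upstream patch: a buffer size computed as
width * height * bytes-per-pixel wraps in 32-bit arithmetic unless each
multiplication is checked. The function names, the uint32_t size type and
the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: the product silently wraps modulo 2^32. */
static uint32_t naive_raster_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Returns 1 and stores a*b in *out, or 0 if the product would not fit. */
static int checked_mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Checked size calculation: rejects zero dimensions and any overflow. */
static int checked_raster_bytes(uint32_t width, uint32_t height,
                                uint32_t bpp, uint32_t *out)
{
    uint32_t pixels;
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    return checked_mul_u32(width, height, &pixels) &&
           checked_mul_u32(pixels, bpp, out);
}

/* Allocates only when the size calculation is known to be exact. */
static void *alloc_raster(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t nbytes;
    if (!checked_raster_bytes(width, height, bpp, &nbytes))
        return NULL;
    return malloc(nbytes);
}

int main(void)
{
    /* Constructed dimensions, as an image header could declare them. */
    uint32_t w = 0x40000001u, h = 1, bpp = 4, n = 0;
    printf("naive size:   %u bytes\n", (unsigned)naive_raster_bytes(w, h, bpp));
    printf("checked size: %s\n",
           checked_raster_bytes(w, h, bpp, &n) ? "accepted" : "rejected");
    return 0;
}
```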

This update provides fixes for these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Updated packages

2008.0 i586

 6942dec4f625c5ca859cbf2c35445d19  2008.0/i586/libtiff3-3.8.2-8.2mdv2008.0.i586.rpm
 693b50058e610310fe22274ebcbd4a5e  2008.0/i586/libtiff3-devel-3.8.2-8.2mdv2008.0.i586.rpm
 63c42fbe6a60eb5c5c0614d1b1ca6495  2008.0/i586/libtiff3-static-devel-3.8.2-8.2mdv2008.0.i586.rpm
 cf3bbc57b9eade53f75dfc5b28de96c6  2008.0/i586/libtiff-progs-3.8.2-8.2mdv2008.0.i586.rpm 
 dd7d7876d10944c42ca76e8c71eb4c35  2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm

2008.0 x86_64

 b4c14d385a14e9dbca6ccf1c37cdf1a4  2008.0/x86_64/lib64tiff3-3.8.2-8.2mdv2008.0.x86_64.rpm
 97329de609ab88d18dccee7631825466  2008.0/x86_64/lib64tiff3-devel-3.8.2-8.2mdv2008.0.x86_64.rpm
 0740aa57941c1b9413b463ef7267138d  2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.2mdv2008.0.x86_64.rpm
 8f5619fd9995c58d83cf5c6b44576452  2008.0/x86_64/libtiff-progs-3.8.2-8.2mdv2008.0.x86_64.rpm 
 dd7d7876d10944c42ca76e8c71eb4c35  2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm
