Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in libtiff
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in libtiff
ID: MDVSA-2009:150
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2008.1, Mandriva 2009.0, Mandriva 2009.1
Datum: Mo, 13. Juli 2009, 22:45
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
Applikationen: libtiff

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1247517931-13155-248


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:150
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : July 13, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in libtiff:
 
 Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
 allows context-dependent attackers to cause a denial of service (crash)
 via a crafted TIFF image, a different vulnerability than CVE-2008-2327
 (CVE-2009-2285).
 
 Fix several places in tiff2rgba and rgb2ycbcr that were being careless
 about possible integer overflow in calculation of buffer sizes
 (CVE-2009-2347).
 
 This update provides fixes for these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 7c56d843d17efce1717654ceb4efe3e1 
 2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm
 9d02ed754eafe7a33b2fb4b5a8e7b1d1 
 2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm
 619b12e1013c645db1aca659b1ea6805 
 2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm
 5d94641411d637493e7e413045fa82a9 
 2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm 
 73795a036f1b81ca0c1233df6f7d8fad 
 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 52e0eb4a0230bbdb245b787ba53c0903 
 2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm
 147525496bca6fcee3a741f2350e8441 
 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
 c4ed6f9405dcb64edfebba00272f7596 
 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
 0844ecf1e6941fbde9fc358e34a3136e 
 2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm 
 73795a036f1b81ca0c1233df6f7d8fad 
 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 75efa7472bffceaecb10016c22621de7 
 2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm
 aa82f5e49bb942688cbc85d55318b290 
 2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm
 0a93799b79a70ab2a900d12030907e78 
 2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm
 efe9ac463f0b551859c8349c8c63e288 
 2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm 
 52799196d155f1582dbf5a76ffd93e0e 
 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 89138d743bbf89abf1f0f879bc2ed829 
 2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm
 f5f55f26af4641878dc3a057a764f83a 
 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
 5a99217d3a034504b4fc4d120764d793 
 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
 5abd09147419ec5b4008306a424c22d8 
 2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm 
 52799196d155f1582dbf5a76ffd93e0e 
 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 0a1eace7d782a42df040267874fed9f1 
 2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm
 7dd6bd104131b115130e6feeba9d4766 
 2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm
 32658d8a98def2e32a757bfb6ea64d28 
 2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm
 53d18d66fc849a6128e5961d95892e7c 
 2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm 
 27b6b2d285832c2ab5e8a2c25a6102b3 
 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 26516d312785c5f9e2a5f37e1651ffbb 
 2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm
 91e72dcc4d1866b7978dfcd493393d2e 
 2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
 9a4d6177df03395106d00e7f8a009e2b 
 2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
 b0cffa6ebb21e850847089cad50f1e7a 
 2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm 
 27b6b2d285832c2ab5e8a2c25a6102b3 
 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

 Corporate 3.0:
 5e5facf365d83f647ba3b1c0afecb8c8 
 corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
 288ab11a153d4df48c4fadadfab0b653 
 corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
 0fa52891fc9cafff6d4b6de9d8a23262 
 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
 c4ba5b9ab1caf7cff8addc84d778f4d4 
 corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm 
 72c81050e7296c63de08282f2f369283 
 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 092479cb8de7b269197d06595b68f71c 
 corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm
 ea7f46c3e639d24f40449b599f5b2382 
 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm
 b414cd225488b9a68bbfc611fc72924f 
 corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm
 9f008c60f557b086915e65e78a56ecfd 
 corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm 
 72c81050e7296c63de08282f2f369283 
 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

 Corporate 4.0:
 25cd088ef8715634db5dedd68611125e 
 corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm
 e0df8bc6f18fa4e8585734a1541e6849 
 corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm
 b44feabddefea2f192782b6ae313045c 
 corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm
 8beb0af53dd07fb685c61a507dda9a00 
 corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm 
 b205c0dc185b0a55bd5521d3f6e416f0 
 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 36e6479eacb594dfbb34deff16b99ba5 
 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm
 0c37e2b3981cb44f25734ad4903aad11 
 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
 08a1408d4aef9a858900c2e7444d2b66 
 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
 ff20e3e86ddb53df420bb3ce78f894ac 
 corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm 
 b205c0dc185b0a55bd5521d3f6e416f0 
 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 134c05da89014e53836b7e6a230a766d 
 mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
 81c805e63e9c9c98e135c9b7a6cc1925 
 mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
 9aa2e598ce292505a2ef2f3718401e05 
 mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
 cefb377ab47ead9e47594e9b9e78b676 
 mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm 
 b34af1bd2ec1986ff9dc65efe5d87c43 
 mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKW3ZnmqjQ0CJFipgRAnkvAJ98BXT7+cg9tL9H8hucbF5UmcpcPQCgko2O
HW+jXwDDqrNF1u8bY2AmHLA=
=vJdX
-----END PGP SIGNATURE-----


------------=_1247517931-13155-248
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1247517931-13155-248--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung