Login
Newsletter
Werbung
Sicherheit: Pufferüberlauf in libtiff
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in libtiff
ID: MDVSA-2008:184
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0, Mandriva 2007.1, Mandriva 2008.0, Mandriva 2008.1
Datum: Mi, 3. September 2008, 21:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
Applikationen: libtiff

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1220469336-11275-8785


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:184
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : September 3, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 Drew Yaro of the Apple Product Security Team reported multiple uses of
 uninitialized values in libtiff's LZW compression algorithm decoder.
 An attacker could create a carefully crafted LZW-encoded TIFF file that
 would cause an application linked to libtiff to crash or potentially
 execute arbitrary code (CVE-2008-2327).
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 5453e1e862c9516bf754ff5dd0510e99 
 2007.1/i586/libtiff3-3.8.2-8.1mdv2007.1.i586.rpm
 c41cc4f89c2a576b31f55604020686b9 
 2007.1/i586/libtiff3-devel-3.8.2-8.1mdv2007.1.i586.rpm
 3a84a5b36810fc04266b0e8db40cf95a 
 2007.1/i586/libtiff3-static-devel-3.8.2-8.1mdv2007.1.i586.rpm
 2e184a5e809f31357e1238d4ffb0e7e7 
 2007.1/i586/libtiff-progs-3.8.2-8.1mdv2007.1.i586.rpm 
 6f0b7a336c92b3f6026882f16fea8e36 
 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 712950c98f929999cb7a53dad56db456 
 2007.1/x86_64/lib64tiff3-3.8.2-8.1mdv2007.1.x86_64.rpm
 820be023570529dbcbc4682a687aa59d 
 2007.1/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2007.1.x86_64.rpm
 741e09ecc07a42f95ba97f99daf8b474 
 2007.1/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2007.1.x86_64.rpm
 5f44d3ec3d223be06ecdeacae2fc3c04 
 2007.1/x86_64/libtiff-progs-3.8.2-8.1mdv2007.1.x86_64.rpm 
 6f0b7a336c92b3f6026882f16fea8e36 
 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 f48e75c73b1485dd999147f6916d714b 
 2008.0/i586/libtiff3-3.8.2-8.1mdv2008.0.i586.rpm
 1f81e09035972f2dd658b740913027f8 
 2008.0/i586/libtiff3-devel-3.8.2-8.1mdv2008.0.i586.rpm
 38cb329a1841478e36a4c2f78c2b9d0f 
 2008.0/i586/libtiff3-static-devel-3.8.2-8.1mdv2008.0.i586.rpm
 a69b25380f8eb9dff4cae5731aa1576b 
 2008.0/i586/libtiff-progs-3.8.2-8.1mdv2008.0.i586.rpm 
 4062ab04fafcc0b310643bdbcc39e343 
 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e06c6562905343841510dc6149321ea7 
 2008.0/x86_64/lib64tiff3-3.8.2-8.1mdv2008.0.x86_64.rpm
 2645a673dd22ff97b87f315e228a6e8a 
 2008.0/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2008.0.x86_64.rpm
 3b35439a9606085a451c85fb87762476 
 2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2008.0.x86_64.rpm
 712fa17a6debde8aaa02b6b63f25e99c 
 2008.0/x86_64/libtiff-progs-3.8.2-8.1mdv2008.0.x86_64.rpm 
 4062ab04fafcc0b310643bdbcc39e343 
 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 96ab6a2cbd02a41d51d28852ba8c542a 
 2008.1/i586/libtiff3-3.8.2-10.1mdv2008.1.i586.rpm
 586ed80dcca4c1512fa0a8f344c4b1ca 
 2008.1/i586/libtiff3-devel-3.8.2-10.1mdv2008.1.i586.rpm
 8536b2918799e028e92946ae5a9f8bfa 
 2008.1/i586/libtiff3-static-devel-3.8.2-10.1mdv2008.1.i586.rpm
 0e311bd531287bd6f71aede0ab233375 
 2008.1/i586/libtiff-progs-3.8.2-10.1mdv2008.1.i586.rpm 
 991200fe0e312eb8532e76a42a5f5f36 
 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 67aba91807aa52b92baefac9f51e5991 
 2008.1/x86_64/lib64tiff3-3.8.2-10.1mdv2008.1.x86_64.rpm
 60bfa4862afb7b8719fa17c7661a422f 
 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.1mdv2008.1.x86_64.rpm
 6e96394972e36c83768433e2b2ad36a7 
 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.1mdv2008.1.x86_64.rpm
 0a16cd2b222893004166293534b9edde 
 2008.1/x86_64/libtiff-progs-3.8.2-10.1mdv2008.1.x86_64.rpm 
 991200fe0e312eb8532e76a42a5f5f36 
 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm

 Corporate 3.0:
 518e89f46b971a1bb21ae1c014247924 
 corporate/3.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm
 d60decb8c0b256b22f78aadbe8eebe0c 
 corporate/3.0/i586/libtiff3-devel-3.5.7-11.14.C30mdk.i586.rpm
 b3f257066e07132549b2d5027736c028 
 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.14.C30mdk.i586.rpm
 2907ac3739e1718f7908ce64c3fd7867 
 corporate/3.0/i586/libtiff-progs-3.5.7-11.14.C30mdk.i586.rpm 
 e08892c5ded68d96e16862f8b69946ab 
 corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bec82cc9258d4500374b06871f420492 
 corporate/3.0/x86_64/lib64tiff3-3.5.7-11.14.C30mdk.x86_64.rpm
 3baa1d2a9aef965ec71ed15ba8bf1a20 
 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.14.C30mdk.x86_64.rpm
 02a22843046e7a3a3208e20ff95f633a 
 corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.14.C30mdk.x86_64.rpm
 529cb32db1c9e2f21278ec3154498278 
 corporate/3.0/x86_64/libtiff-progs-3.5.7-11.14.C30mdk.x86_64.rpm 
 e08892c5ded68d96e16862f8b69946ab 
 corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm

 Corporate 4.0:
 700cb8f74636fbb25f2dd2a8d73c3841 
 corporate/4.0/i586/libtiff3-3.6.1-12.7.20060mlcs4.i586.rpm
 305bb87c84edf3261491526a9deef8f9 
 corporate/4.0/i586/libtiff3-devel-3.6.1-12.7.20060mlcs4.i586.rpm
 46bdebacb26f5f05ce572e7de85277e8 
 corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.7.20060mlcs4.i586.rpm
 b637cbfec742d8a2c06106cb94c36b5a 
 corporate/4.0/i586/libtiff-progs-3.6.1-12.7.20060mlcs4.i586.rpm 
 bb4663c662718a57113cf78d7e8c7b13 
 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e655bb4c3a7b87eb363dcfd24f139dcf 
 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.7.20060mlcs4.x86_64.rpm
 f9676f4f1400c9311d320a88d67d8b91 
 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm
 5c0dccb5f0168c4e43672d9d7982d49f 
 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm
 87a216a31e01f158135a23095fd341a1 
 corporate/4.0/x86_64/libtiff-progs-3.6.1-12.7.20060mlcs4.x86_64.rpm 
 bb4663c662718a57113cf78d7e8c7b13 
 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 5acf2c9864c31560ac109574e94caef0 
 mnf/2.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm 
 b2f1fc5125dd9e951d6d38ead8050461 
 mnf/2.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvrMbmqjQ0CJFipgRAqv6AJ9eEBD7LXdc9E8dpYGimLzumWjvUgCgxA3+
gSpOlHU8sZnY2OoFJ9KzkMw=
=8p0b
-----END PGP SIGNATURE-----


------------=_1220469336-11275-8785
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1220469336-11275-8785--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung