Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities
From: Mandrake Linux Security Team <security () linux-mandrake com>
Date: 20 Oct 2004 04:32:31 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           libtiff
 Advisory ID:            MDKSA-2004:109
 Date:                   October 19th, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Several vulnerabilities have been discovered in the libtiff package:
 
 Chris Evans discovered several problems in the RLE (run length              
 encoding) decoders that could lead to arbitrary code execution.
 (CAN-2004-0803) 
     
 Matthias Clasen discovered a division by zero through an integer            
 overflow. (CAN-2004-0804)
 
 Dmitry V. Levin discovered several integer overflows that caused            
 malloc issues which can result to either plain crash or memory              
 corruption. (CAN-2004-0886) 
        
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 576f3f4425bc5fd3964ee756c7b07911  10.0/RPMS/libtiff-progs-3.5.7-11.3.100mdk.i586.rpm
 c90b3f50c9b77df8c371f67bfa3e2b70  10.0/RPMS/libtiff3-3.5.7-11.3.100mdk.i586.rpm
 2d311351cccdaaa562c111df431b5991  10.0/RPMS/libtiff3-devel-3.5.7-11.3.100mdk.i586.rpm
 97305d2953e6cb6803eed50258f986bf  10.0/RPMS/libtiff3-static-devel-3.5.7-11.3.100mdk.i586.rpm
 5ed026a15c36fbf9549aab45e3b316a8  10.0/SRPMS/libtiff-3.5.7-11.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 fe25717aa92b9ab9605e56c698b3d503  amd64/10.0/RPMS/lib64tiff3-3.5.7-11.3.100mdk.amd64.rpm
 1aa9f1f774688a7f2b0ff9eaf262b0bd  amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.3.100mdk.amd64.rpm
 e54c029e1773c399ce5bf5ae10ff039c  amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.3.100mdk.amd64.rpm
 9af6fface533b9154f31c9465ebe6627  amd64/10.0/RPMS/libtiff-progs-3.5.7-11.3.100mdk.amd64.rpm
 5ed026a15c36fbf9549aab45e3b316a8  amd64/10.0/SRPMS/libtiff-3.5.7-11.3.100mdk.src.rpm

 Corporate Server 2.1:
 6c4379d187d9ec039662798e9b362355  corporate/2.1/RPMS/libtiff3-3.5.7-5.3.C21mdk.i586.rpm
 85c13f580bb2d63d4d58abc1aaacc2cb  corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.3.C21mdk.i586.rpm
 e3777ef5ae71981647917a33e1c61dc5  corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.3.C21mdk.i586.rpm
 814c3358360b600e6315809014ba6d0f  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.3.C21mdk.i586.rpm
 8f2e9fe94535910dfddac0f808857b21  corporate/2.1/SRPMS/libtiff-3.5.7-5.3.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 7a1e261ba70abb98379c25a0137d3262  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-5.3.C21mdk.x86_64.rpm
 56922155c2d3b3f5701523e5a435091b  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-5.3.C21mdk.x86_64.rpm
 f108ffef73d357abe75745f4127e2003  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-5.3.C21mdk.x86_64.rpm
 8492ab4eb68912cb7c68094b1f2ad4d2  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-5.3.C21mdk.x86_64.rpm
 8f2e9fe94535910dfddac0f808857b21  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-5.3.C21mdk.src.rpm

 Mandrakelinux 9.2:
 342e0d46d16b48bf732061c0c0aef9d6  9.2/RPMS/libtiff-progs-3.5.7-11.3.92mdk.i586.rpm
 8d7505fbef628f238f0f8f6a2c4c4ce6  9.2/RPMS/libtiff3-3.5.7-11.3.92mdk.i586.rpm
 3a5d661ee581b681ca2c66e3d7b0fad4  9.2/RPMS/libtiff3-devel-3.5.7-11.3.92mdk.i586.rpm
 fd754879c44546c1d39568efbe7ebc32  9.2/RPMS/libtiff3-static-devel-3.5.7-11.3.92mdk.i586.rpm
 7ababace2eca1f1dbfb230edb327e997  9.2/SRPMS/libtiff-3.5.7-11.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 97281fdf37e1a5159b128e3db7b7066b  amd64/9.2/RPMS/lib64tiff3-3.5.7-11.3.92mdk.amd64.rpm
 edeb5789fdc7aae046cdae4b2a5d9771  amd64/9.2/RPMS/lib64tiff3-devel-3.5.7-11.3.92mdk.amd64.rpm
 ea32d0fd16551af256217c3b4e0abea0  amd64/9.2/RPMS/lib64tiff3-static-devel-3.5.7-11.3.92mdk.amd64.rpm
 fe4055ad1f177b872b409613c0d57ba9  amd64/9.2/RPMS/libtiff-progs-3.5.7-11.3.92mdk.amd64.rpm
 7ababace2eca1f1dbfb230edb327e997  amd64/9.2/SRPMS/libtiff-3.5.7-11.3.92mdk.src.rpm

 Multi Network Firewall 8.2:
 b0f9f6c27d00b5108df636362c6257a0  mnf8.2/RPMS/libtiff3-3.5.5-9.3.M82mdk.i586.rpm
 379fd60beb9138056a957ccbd026da69  mnf8.2/SRPMS/libtiff-3.5.5-9.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBdepfmqjQ0CJFipgRAsAqAJ46l450VXTsbDQ6ZqmSDAnbdVP81gCg5YL8
8ltMT/xV+7GPLMQdgvTZ0r4=
=b2oa
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • MDKSA-2004:109 - Updated libtiff packages fix multiple vulnerabilities Mandrake Linux Security Team (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault