Mandriva Linux Security Advisory 2011-064 - Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a.tiff file that has an unexpected BitsPerSample value.
6ac748ece14189ec17ddd69410b44f068bff96190b2fe40bcf033768554b799f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:064
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : April 4, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities were discovered and corrected in libtiff:
Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
469f83f325486ac28efade864c4c04dd 2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm
60ed02c79ace2efc9d360c6a254484d8 2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm
9eec6c7a71319a0dbe42043e3ce0143c 2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm
c83359e62f148232dbf4716c3db1da27 2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm
394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
12d1c6b013d1001804dcff1607ba0cbf 2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm
7160228a5f9eb015f7c39b034e4168fe 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
dd60de9c42e6e6db115866b0729d11a6 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
019b6c2c67897e9e15b61c5bd5290d7c 2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm
394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm
Mandriva Linux 2010.0:
516da8a4ac19bd931ec94c948e2202b3 2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm
bb474b98be4cee2d5ce83b18a97e0b0a 2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm
91bbafe5b93099fa6bc91a4ae2c792c5 2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm
cfe592e3c30c76e9e814c828f4e9c850 2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm
82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
89d02f64104cdeefcfff27251ac493e3 2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm
184361a7a031fd0040ef210289e659ad 2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
ea63a95bea50aa8c6173b7e018b52c16 2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
b683c3de7768e3be291f3cd0810f29f7 2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm
82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm
Mandriva Linux 2010.1:
6cae776a3869cba91324d4db8c3e445b 2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm
9eb7c8e16bdccb2a08bbd51b842d6b8a 2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm
b22f03fcab8549799bd989a1ac5b9505 2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm
5207df22c3ce3a1dc5487e5a9f1386f5 2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm
edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
fead69647d8429a2e0f3bde99440a81e 2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm
f8eefcab2c69e31dc9e59b7c5fd1370a 2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
a14aa71d4721718fc2312f04b76163db 2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
cd214410be00ea40859776ac4f95f1da 2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm
edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm
Corporate 4.0:
26f8d583111883193418679358070dac corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm
6cc27c218fc154873d80b9f20d0026a0 corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm
d2cc27f255b5c06ac0270501742d075a corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm
1dce21141558e525afac04376ee88b0e corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm
b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
909321cebadb1a6a98363111aafaa51f corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm
1e65799b8f71945b8577caa953f26f1a corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
e0f3f375533db24c097249e2865d67c5 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
45d3bf776d6b0bf18b6dd475719d5109 corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm
b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
0e74dc01232af741c73b5429222c104b mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm
cf4880e23bca7320947faffb7493fe1c mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm
35e2c51269229b05e8127d8ff7a70559 mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm
053e112ce08dee96024c78cf1cc62c68 mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm
b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
8b9eee08db52a402ff116c6f4f66e1cc mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm
ae5a101036721b2f2cb852861dd9195a mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
deb731157dd46e649eb01fb66bb9c4ca mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
cf1e27dfce8783ba6dfa4d0d07949f8d mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm
b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNmbcVmqjQ0CJFipgRAhpFAKCtkISR0abadP0ESPSt/5N9ZMtkHQCggcfu
Vxz/7h+yOk4y1oCT/+u7P34=
=+u6N
-----END PGP SIGNATURE-----