exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-064

Mandriva Linux Security Advisory 2011-064
Posted Apr 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-064 - Buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a denial of service via a crafted TIFF image with JPEG encoding. Heap-based buffer overflow in the thunder decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a.tiff file that has an unexpected BitsPerSample value.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-0191, CVE-2011-1167
SHA-256 | 6ac748ece14189ec17ddd69410b44f068bff96190b2fe40bcf033768554b799f
Download | Favorite | View

Mandriva Linux Security Advisory 2011-064

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:064
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libtiff
 Date    : April 4, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in libtiff:
 
 Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
 code or cause a denial of service (application crash) via a crafted
 TIFF image with JPEG encoding (CVE-2011-0191).
 
 Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
 in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
 to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
 .tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 469f83f325486ac28efade864c4c04dd  2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm
 60ed02c79ace2efc9d360c6a254484d8  2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm
 9eec6c7a71319a0dbe42043e3ce0143c  2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm
 c83359e62f148232dbf4716c3db1da27  2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm 
 394324226f6347b8adde7d5a3b94e616  2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 12d1c6b013d1001804dcff1607ba0cbf  2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm
 7160228a5f9eb015f7c39b034e4168fe  2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
 dd60de9c42e6e6db115866b0729d11a6  2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm
 019b6c2c67897e9e15b61c5bd5290d7c  2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm 
 394324226f6347b8adde7d5a3b94e616  2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 516da8a4ac19bd931ec94c948e2202b3  2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm
 bb474b98be4cee2d5ce83b18a97e0b0a  2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm
 91bbafe5b93099fa6bc91a4ae2c792c5  2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm
 cfe592e3c30c76e9e814c828f4e9c850  2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm 
 82734445474583997f82f61a6bca5477  2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 89d02f64104cdeefcfff27251ac493e3  2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm
 184361a7a031fd0040ef210289e659ad  2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
 ea63a95bea50aa8c6173b7e018b52c16  2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm
 b683c3de7768e3be291f3cd0810f29f7  2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm 
 82734445474583997f82f61a6bca5477  2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 6cae776a3869cba91324d4db8c3e445b  2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm
 9eb7c8e16bdccb2a08bbd51b842d6b8a  2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm
 b22f03fcab8549799bd989a1ac5b9505  2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm
 5207df22c3ce3a1dc5487e5a9f1386f5  2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm 
 edc5ff22e092f6c0c761ea064beec57e  2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 fead69647d8429a2e0f3bde99440a81e  2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm
 f8eefcab2c69e31dc9e59b7c5fd1370a  2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
 a14aa71d4721718fc2312f04b76163db  2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm
 cd214410be00ea40859776ac4f95f1da  2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm 
 edc5ff22e092f6c0c761ea064beec57e  2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm

 Corporate 4.0:
 26f8d583111883193418679358070dac  corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm
 6cc27c218fc154873d80b9f20d0026a0  corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm
 d2cc27f255b5c06ac0270501742d075a  corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm
 1dce21141558e525afac04376ee88b0e  corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm 
 b71b082cfc6e374765bdcc433074876e  corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 909321cebadb1a6a98363111aafaa51f  corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm
 1e65799b8f71945b8577caa953f26f1a  corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
 e0f3f375533db24c097249e2865d67c5  corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm
 45d3bf776d6b0bf18b6dd475719d5109  corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm 
 b71b082cfc6e374765bdcc433074876e  corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 0e74dc01232af741c73b5429222c104b  mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm
 cf4880e23bca7320947faffb7493fe1c  mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm
 35e2c51269229b05e8127d8ff7a70559  mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm
 053e112ce08dee96024c78cf1cc62c68  mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm 
 b11fe44b7f27853a08cb447713ba2b5d  mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 8b9eee08db52a402ff116c6f4f66e1cc  mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm
 ae5a101036721b2f2cb852861dd9195a  mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
 deb731157dd46e649eb01fb66bb9c4ca  mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm
 cf1e27dfce8783ba6dfa4d0d07949f8d  mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm 
 b11fe44b7f27853a08cb447713ba2b5d  mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNmbcVmqjQ0CJFipgRAhpFAKCtkISR0abadP0ESPSt/5N9ZMtkHQCggcfu
Vxz/7h+yOk4y1oCT/+u7P34=
=+u6N
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close