
Mandriva Linux Security Advisory 2009-150

Posted Jul 13, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-150 - Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes. This update provides fixes for these vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2285, CVE-2009-2347
SHA-256 | 10574ff24efb8275b0d6a98f173fd59b823216304e43547bd800fc89a9846c46


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:150
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libtiff
Date : July 13, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in libtiff:

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service (crash)
via a crafted TIFF image, a different vulnerability than CVE-2008-2327
(CVE-2009-2285).

Fix several places in tiff2rgba and rgb2ycbcr that were being careless
about possible integer overflow in calculation of buffer sizes
(CVE-2009-2347).

This update provides fixes for these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
7c56d843d17efce1717654ceb4efe3e1 2008.1/i586/libtiff3-3.8.2-10.2mdv2008.1.i586.rpm
9d02ed754eafe7a33b2fb4b5a8e7b1d1 2008.1/i586/libtiff3-devel-3.8.2-10.2mdv2008.1.i586.rpm
619b12e1013c645db1aca659b1ea6805 2008.1/i586/libtiff3-static-devel-3.8.2-10.2mdv2008.1.i586.rpm
5d94641411d637493e7e413045fa82a9 2008.1/i586/libtiff-progs-3.8.2-10.2mdv2008.1.i586.rpm
73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
52e0eb4a0230bbdb245b787ba53c0903 2008.1/x86_64/lib64tiff3-3.8.2-10.2mdv2008.1.x86_64.rpm
147525496bca6fcee3a741f2350e8441 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
c4ed6f9405dcb64edfebba00272f7596 2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.2mdv2008.1.x86_64.rpm
0844ecf1e6941fbde9fc358e34a3136e 2008.1/x86_64/libtiff-progs-3.8.2-10.2mdv2008.1.x86_64.rpm
73795a036f1b81ca0c1233df6f7d8fad 2008.1/SRPMS/libtiff-3.8.2-10.2mdv2008.1.src.rpm

Mandriva Linux 2009.0:
75efa7472bffceaecb10016c22621de7 2009.0/i586/libtiff3-3.8.2-12.1mdv2009.0.i586.rpm
aa82f5e49bb942688cbc85d55318b290 2009.0/i586/libtiff3-devel-3.8.2-12.1mdv2009.0.i586.rpm
0a93799b79a70ab2a900d12030907e78 2009.0/i586/libtiff3-static-devel-3.8.2-12.1mdv2009.0.i586.rpm
efe9ac463f0b551859c8349c8c63e288 2009.0/i586/libtiff-progs-3.8.2-12.1mdv2009.0.i586.rpm
52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
89138d743bbf89abf1f0f879bc2ed829 2009.0/x86_64/lib64tiff3-3.8.2-12.1mdv2009.0.x86_64.rpm
f5f55f26af4641878dc3a057a764f83a 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
5a99217d3a034504b4fc4d120764d793 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.1mdv2009.0.x86_64.rpm
5abd09147419ec5b4008306a424c22d8 2009.0/x86_64/libtiff-progs-3.8.2-12.1mdv2009.0.x86_64.rpm
52799196d155f1582dbf5a76ffd93e0e 2009.0/SRPMS/libtiff-3.8.2-12.1mdv2009.0.src.rpm

Mandriva Linux 2009.1:
0a1eace7d782a42df040267874fed9f1 2009.1/i586/libtiff3-3.8.2-13.1mdv2009.1.i586.rpm
7dd6bd104131b115130e6feeba9d4766 2009.1/i586/libtiff3-devel-3.8.2-13.1mdv2009.1.i586.rpm
32658d8a98def2e32a757bfb6ea64d28 2009.1/i586/libtiff3-static-devel-3.8.2-13.1mdv2009.1.i586.rpm
53d18d66fc849a6128e5961d95892e7c 2009.1/i586/libtiff-progs-3.8.2-13.1mdv2009.1.i586.rpm
27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
26516d312785c5f9e2a5f37e1651ffbb 2009.1/x86_64/lib64tiff3-3.8.2-13.1mdv2009.1.x86_64.rpm
91e72dcc4d1866b7978dfcd493393d2e 2009.1/x86_64/lib64tiff3-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
9a4d6177df03395106d00e7f8a009e2b 2009.1/x86_64/lib64tiff3-static-devel-3.8.2-13.1mdv2009.1.x86_64.rpm
b0cffa6ebb21e850847089cad50f1e7a 2009.1/x86_64/libtiff-progs-3.8.2-13.1mdv2009.1.x86_64.rpm
27b6b2d285832c2ab5e8a2c25a6102b3 2009.1/SRPMS/libtiff-3.8.2-13.1mdv2009.1.src.rpm

Corporate 3.0:
5e5facf365d83f647ba3b1c0afecb8c8 corporate/3.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
288ab11a153d4df48c4fadadfab0b653 corporate/3.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
0fa52891fc9cafff6d4b6de9d8a23262 corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
c4ba5b9ab1caf7cff8addc84d778f4d4 corporate/3.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm
72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

Corporate 3.0/X86_64:
092479cb8de7b269197d06595b68f71c corporate/3.0/x86_64/lib64tiff3-3.5.7-11.15.C30mdk.x86_64.rpm
ea7f46c3e639d24f40449b599f5b2382 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.15.C30mdk.x86_64.rpm
b414cd225488b9a68bbfc611fc72924f corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.15.C30mdk.x86_64.rpm
9f008c60f557b086915e65e78a56ecfd corporate/3.0/x86_64/libtiff-progs-3.5.7-11.15.C30mdk.x86_64.rpm
72c81050e7296c63de08282f2f369283 corporate/3.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm

Corporate 4.0:
25cd088ef8715634db5dedd68611125e corporate/4.0/i586/libtiff3-3.6.1-12.8.20060mlcs4.i586.rpm
e0df8bc6f18fa4e8585734a1541e6849 corporate/4.0/i586/libtiff3-devel-3.6.1-12.8.20060mlcs4.i586.rpm
b44feabddefea2f192782b6ae313045c corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.8.20060mlcs4.i586.rpm
8beb0af53dd07fb685c61a507dda9a00 corporate/4.0/i586/libtiff-progs-3.6.1-12.8.20060mlcs4.i586.rpm
b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
36e6479eacb594dfbb34deff16b99ba5 corporate/4.0/x86_64/lib64tiff3-3.6.1-12.8.20060mlcs4.x86_64.rpm
0c37e2b3981cb44f25734ad4903aad11 corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
08a1408d4aef9a858900c2e7444d2b66 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.8.20060mlcs4.x86_64.rpm
ff20e3e86ddb53df420bb3ce78f894ac corporate/4.0/x86_64/libtiff-progs-3.6.1-12.8.20060mlcs4.x86_64.rpm
b205c0dc185b0a55bd5521d3f6e416f0 corporate/4.0/SRPMS/libtiff-3.6.1-12.8.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
134c05da89014e53836b7e6a230a766d mnf/2.0/i586/libtiff3-3.5.7-11.15.C30mdk.i586.rpm
81c805e63e9c9c98e135c9b7a6cc1925 mnf/2.0/i586/libtiff3-devel-3.5.7-11.15.C30mdk.i586.rpm
9aa2e598ce292505a2ef2f3718401e05 mnf/2.0/i586/libtiff3-static-devel-3.5.7-11.15.C30mdk.i586.rpm
cefb377ab47ead9e47594e9b9e78b676 mnf/2.0/i586/libtiff-progs-3.5.7-11.15.C30mdk.i586.rpm
b34af1bd2ec1986ff9dc65efe5d87c43 mnf/2.0/SRPMS/libtiff-3.5.7-11.15.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKW3ZnmqjQ0CJFipgRAnkvAJ98BXT7+cg9tL9H8hucbF5UmcpcPQCgko2O
HW+jXwDDqrNF1u8bY2AmHLA=
=vJdX
-----END PGP SIGNATURE-----
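
The integer-overflow class behind CVE-2009-2347 (buffer sizes calculated carelessly from image dimensions), shown as an added illustration; this is not libtiff's code or Mandriva's patch. It assumes a 4-byte-per-pixel raster sized from width and height; the function names, the sample dimensions and the 256 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on a decoded raster (assumption, not from the advisory). */
#define MAX_RASTER_BYTES ((size_t)256u << 20)

/* Careless form: the 32-bit product wraps silently for large dimensions. */
static uint32_t raster_bytes_unchecked(uint32_t width, uint32_t height)
{
    return width * height * (uint32_t)sizeof(uint32_t);
}

/* Checked form: 0 and *out on success, -1 if the size cannot be represented. */
static int raster_bytes_checked(uint32_t width, uint32_t height, size_t *out)
{
    size_t w = width, h = height, pixels;

    if (w == 0 || h == 0 || h > SIZE_MAX / w)
        return -1;
    pixels = w * h;
    if (pixels > SIZE_MAX / sizeof(uint32_t))
        return -1;
    *out = pixels * sizeof(uint32_t);
    return 0;
}

/* Allocate a 4-byte-per-pixel raster, or NULL for oversized dimensions. */
static uint32_t *alloc_raster(uint32_t width, uint32_t height)
{
    size_t n;

    if (raster_bytes_checked(width, height, &n) != 0 || n > MAX_RASTER_BYTES)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: the true size is 4 GiB + 128 KiB. */
    uint32_t w = 0x8001, h = 0x8000;
    uint32_t *r = alloc_raster(w, h);

    printf("unchecked size: %u bytes\n", (unsigned)raster_bytes_unchecked(w, h));
    printf("checked alloc:  %s\n", r ? "allocated" : "rejected");
    free(r);
    return 0;
}
```

With the constructed dimensions the unchecked calculation yields 131072 bytes for an image that needs over 4 GiB, which is how an undersized buffer ends up being written past its end; the checked path refuses the allocation instead.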
