Advisories
Mandriva Advisories
|
 |
| Problem Description |
Wouter Hanegraaff discovered that the TIFF library did not sufficiently
validate the "YCbCr subsampling" value in TIFF image headers. Decoding
a malicious image with a zero value resulted in an arithmetic exception,
which can cause a program that uses the TIFF library to crash.
The updated packages are patched to protect against this vulnerability.
| Updated Packages |
Mandrakelinux 10.0
cc0fa1b1b5fd12c4083cc9eb98a5458f 10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm 8fb0219e7d642d2fdc241d8927421d48 10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm cbfd4d23c8ac8562c92e55a035d80a67 10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm e74038d540e7d00a1b050f7b26cd56a9 10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm f7d3fce17d5e63a28f9438a29e640aa4 10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
a3b989bdce7af31d4886466ff1441526 amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm 97d58685556a85cb2ab884f7ebadb536 amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm 8b8ddac45016f59118a7779ff6d027c6 amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm 30c99b6bb385cd3dfc98d50c8a3c9196 amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm f7d3fce17d5e63a28f9438a29e640aa4 amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm
Mandrakelinux 10.1
c76c200a605c1f0584782fb49518e29d 10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm 773afaac9d2ed45b124216a7b8059f55 10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm bcc744f04a6a8b772fa3c63ad5e5bda3 10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm c2f0a831fc371041221c54f288e99bb2 10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm 835e5009fabee9050f055d951a3d0f8a 10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
d2cec129a11f6c1181c486eed8a024ab x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm 73321d2e2a109f6993c8e44879284139 x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm 28f7ea7a0ee1954a64e0c9d1ca17f224 x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm f2c2b82c083d035f32e105437c00ef40 x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm 835e5009fabee9050f055d951a3d0f8a x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm
Corporate Server 2.1
e17fd0f6fdf37c67d7cc94223806b652 corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm ae1dee85cddb636fa9126fd14e5c9384 corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm 659cc8d21c830f379ebf92d45fe92b0c corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm 473e992205374da87b91cb8fdd9b6d65 corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm 261d009314678a8e54d903234e53f2d5 corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64
b9a3c705853bfc458adbbe7b9b35292c x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm ccb61469627ec442bbb1606e2c5493fe x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm ed0414cff8b668737b401b3874295fb0 x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm 2cb106b7e639a4adbf866fcf0bcb95a2 x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm 261d009314678a8e54d903234e53f2d5 x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm
Corporate Server 3.0
5d467dc33e472e58f78111bef860b052 corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm c6e92b32bb20db8d058299b3da175a55 corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm e104fdfdfc2e3df51e459a5e56169c41 corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm e725905e66036c32093aaa4b478e5c6a corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm 6bd7338ff5198c5f9edd77b31ecf7190 corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
Corporate Server 3.0/X86_64
3c87ea4b94f226decf5a8e751ec9ad17 x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm 5b5663889c26d6c52de85dc300bcab18 x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm aa63bf920d4c74f6ce6cabc896846241 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm 022ac2f20e0c349d7dcce42e6cbe7a6c x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm 6bd7338ff5198c5f9edd77b31ecf7190 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm
Multi Network Firewall 2.0
29096b79d63f19c6e6602b6fe8859bae mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm 6983f0e032014df1ffeeb14306e5d410 mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm
Mandriva Linux LE2005
ddfec22eb079ad3e3c3e181581a32515 10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm 85002ad26c89bd5f00f49aa7848914ed 10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm 1680f0094d4a1f4d7783a63536992342 10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm ab5d56da0e46e583d7d5559b460c015b 10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm 60bd2c3885e06f49e97ed114ea22c260 10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
b19a75b4230c1a67febfbbd1d7e3bd0b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm dd11b518706b082c138aa4a7a427235d x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm 78da0140db6312a7813e21da700cc129 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm 1a3d856456e521653f3f94b29b561b1d x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm 60bd2c3885e06f49e97ed114ea22c260 x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.