Fedora Legacy Test Update Notification: libtiff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2163
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2163
2005-03-05
---------------------------------------------------------------------

Name        : libtiff
Versions    : rh7.3: libtiff-3.5.7-2.2.legacy
Versions    : rh9: libtiff-3.5.7-11.2.legacy
Versions    : fc1: libtiff-3.5.7-14.2.legacy
Summary     : A library of functions for manipulating TIFF format image
              files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

---------------------------------------------------------------------
Update Information:

Updated libtiff packages that fix various buffer and integer overflows
are now available.

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to
trick a user into opening a malicious TIFF file could cause the
application linked to libtiff to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues.

Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to
this issue.

iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1308 to
this issue.

Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An atacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1183 to this issue.

All users are advised to upgrade to these updated packages, which
contain backported fixes for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Feb 19 2005 Pekka Savola <pekkas@xxxxxxxxxx> 3.5.7-2.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)

* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.5.7-2.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886

rh9:
* Sat Feb 19 2005 Pekka Savola <pekkas@xxxxxxxxxx> 3.5.7-11.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)

* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.5.7-11.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886

fc1:
* Sat Feb 19 2005 Pekka Savola <pekkas@xxxxxxxxxx> 3.5.7-14.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)

* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 3.5.7-14.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:
524fd6c80901dbd665cfbf0b4ba1eea276a95cca redhat/7.3/updates-testing/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
3ced2ba5eac07c60515a41d73dbfb0df36cfc962 redhat/7.3/updates-testing/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
864581d2f1d76fcc5d0540173338a84a7a3ffe80 redhat/7.3/updates-testing/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm

rh9:
a17298a3be3e3d6f7fce2108ac226ff8ef26ee39 redhat/9/updates-testing/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
b35700b8e8ee819565998a033f484ebd7e837646 redhat/9/updates-testing/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
2024a97a377a37851d3a4be92403eaad0a7b1be2 redhat/9/updates-testing/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm

fc1:
8dd2d8035eaf4b0e41cc7ac68536b752387a1cc8 fedora/1/updates-testing/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
4475fb4f26ab358d1c9bf8b6e8da060eace1a8dd fedora/1/updates-testing/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
f854a97125ca806b9a1c04c985f9939c6b6f7611 fedora/1/updates-testing/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux