Fedora Legacy Test Update Notification: libtiff
Marc Deslauriers
marcdeslauriers at videotron.ca
Sat Mar 5 18:12:19 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2163
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2163
2005-03-05
---------------------------------------------------------------------
Name : libtiff
Versions : rh7.3: libtiff-3.5.7-2.2.legacy
Versions : rh9: libtiff-3.5.7-11.2.legacy
Versions : fc1: libtiff-3.5.7-14.2.legacy
Summary : A library of functions for manipulating TIFF format image
files.
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
---------------------------------------------------------------------
Update Information:
Updated libtiff packages that fix various buffer and integer overflows
are now available.
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files.
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. An attacker who has the ability to
trick a user into opening a malicious TIFF file could cause the
application linked to libtiff to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff have
been found. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to
this issue.
iDEFENSE has reported an integer overflow bug that affects libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1308 to
this issue.
Dmitry V. Levin reported another integer overflow in the tiffdump
utility. An atacker who has the ability to trick a user into opening a
malicious TIFF file with tiffdump could possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1183 to this issue.
All users are advised to upgrade to these updated packages, which
contain backported fixes for these issues.
---------------------------------------------------------------------
Changelogs
rh73:
* Sat Feb 19 2005 Pekka Savola <pekkas at netcore.fi> 3.5.7-2.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)
* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.5.7-2.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886
rh9:
* Sat Feb 19 2005 Pekka Savola <pekkas at netcore.fi> 3.5.7-11.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)
* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.5.7-11.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886
fc1:
* Sat Feb 19 2005 Pekka Savola <pekkas at netcore.fi> 3.5.7-14.2.legacy
- Added security patches for CAN-2004-{1183,1308} from RHEL (#2163)
* Tue Oct 19 2004 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.5.7-14.1.legacy
- Added security patches for CAN-2004-0803 and CAN-2004-0886
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
rh7.3:
524fd6c80901dbd665cfbf0b4ba1eea276a95cca
redhat/7.3/updates-testing/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
3ced2ba5eac07c60515a41d73dbfb0df36cfc962
redhat/7.3/updates-testing/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
864581d2f1d76fcc5d0540173338a84a7a3ffe80
redhat/7.3/updates-testing/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm
rh9:
a17298a3be3e3d6f7fce2108ac226ff8ef26ee39
redhat/9/updates-testing/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
b35700b8e8ee819565998a033f484ebd7e837646
redhat/9/updates-testing/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
2024a97a377a37851d3a4be92403eaad0a7b1be2
redhat/9/updates-testing/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm
fc1:
8dd2d8035eaf4b0e41cc7ac68536b752387a1cc8
fedora/1/updates-testing/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
4475fb4f26ab358d1c9bf8b6e8da060eace1a8dd
fedora/1/updates-testing/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
f854a97125ca806b9a1c04c985f9939c6b6f7611
fedora/1/updates-testing/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050305/f106f86e/attachment.sig>
More information about the fedora-legacy-list
mailing list