MGASA-2013-0142
| Date: | May 9th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
Updated libtiff packages fix security vulnerabilities:
A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file,
in the tp_process_jpeg_strip() function. A remote attacker could provide a
specially-crafted TIFF image format file, that when processed by tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code
execution with the privileges of the user running the tiff2pdf binary
(CVE-2013-1960).
A stack-based buffer overflow was found in the way tiff2pdf of libtiff
performed write of TIFF image content into particular PDF document file,
when malformed image-length and resolution values are used in the TIFF
file. A remote attacker could provide a specially-crafted TIFF image
format file, that when processed by tiff2pdf would lead to tiff2pdf
executable crash (CVE-2013-1961).
Updated Packages:
i586:
libtiff5-4.0.1-2.6.mga2.i586.rpm
libtiff-devel-4.0.1-2.6.mga2.i586.rpm
libtiff-progs-4.0.1-2.6.mga2.i586.rpm
libtiff-static-devel-4.0.1-2.6.mga2.i586.rpm
libtiff-debug-4.0.1-2.6.mga2.i586.rpm
x86_64:
lib64tiff5-4.0.1-2.6.mga2.x86_64.rpm
lib64tiff-devel-4.0.1-2.6.mga2.x86_64.rpm
lib64tiff-static-devel-4.0.1-2.6.mga2.x86_64.rpm
libtiff-progs-4.0.1-2.6.mga2.x86_64.rpm
libtiff-debug-4.0.1-2.6.mga2.x86_64.rpm
SRPMS:
libtiff-4.0.1-2.6.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
https://bugzilla.redhat.com/show_bug.cgi?id=952158
https://bugzilla.redhat.com/show_bug.cgi?id=952131
https://bugs.mageia.org/show_bug.cgi?id=9970
