| From: |
| Mageia Updates <buildsystem-daemon@mageia.org> |
| To: |
| updates-announce@ml.mageia.org |
| Subject: |
| [updates-announce] MGASA-2013-0291: Updated libtiff package fixes security vulnerability |
| Date: |
| Tue, 24 Sep 2013 23:43:56 +0200 |
| Message-ID: |
| <20130924214357.0126E5B14B@valstar.mageia.org> |
| Archive-link: |
| Article, Thread
|
MGASA-2013-0291 - Updated libtiff package fixes security vulnerability
Publication date: 24 Sep 2013
URL: http://advisories.mageia.org/MGASA-2013-0291.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-4243
Description:
A possible heap-based buffer overflow flaw was found in the readgifimage
function in gif2tiff, a tool to convert GIF images to TIFF. A remote
attacker could provide a specially-crafted GIF file that, when processed
by gif2tiff, would cause gif2tiff to crash or, potentially, execute
arbitrary code with the privileges of the user running gif2tiff
(CVE-2013-4243).
References:
- https://bugs.mageia.org/show_bug.cgi?id=11281
- http://lists.opensuse.org/opensuse-updates/2013-09/msg000...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243
SRPMS:
- 3/core/libtiff-4.0.3-4.3.mga3
- 2/core/libtiff-4.0.1-2.9.mga2
(
Log in to post comments)
