|
|
Log in / Subscribe / Register

Mageia alert MGASA-2016-0017 (libtiff)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0017: Updated libtiff package fixes security vulnerabilities 


Date:
    	      Thu, 14 Jan 2016 02:45:14 +0100


Message-ID:
    	      <20160114014514.2511721C247@valstar.mageia.org>


MGASA-2016-0017 - Updated libtiff package fixes security vulnerabilities

Publication date: 14 Jan 2016
URL: http://advisories.mageia.org/MGASA-2016-0017.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-1547,
     CVE-2015-8665,
     CVE-2015-8683

Description:
In libtiff, in tif_next.c, a potential out-of-bound write in NeXTDecode()
triggered by the test case for CVE-2015-1547 (maptools bugzilla #2508).

In libtiff, in tif_getimage.c, out-of-bound reads in the TIFFRGBAImage
interface in case of unsupported values of SamplesPerPixel/ExtraSamples
for LogLUV / CIELab (CVE-2015-8665, CVE-2015-8683).

References:
- https://bugs.mageia.org/show_bug.cgi?id=15519
- http://bugzilla.maptools.org/show_bug.cgi?id=2508
- http://openwall.com/lists/oss-security/2015/12/24/4
- http://openwall.com/lists/oss-security/2015/12/26/1
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683

SRPMS:
- 5/core/libtiff-4.0.6-1.2.mga5
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds