|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0361 (libtiff)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0361: Updated libtiff packages fix security vulnerability 


Date:
    	      Wed, 2 Nov 2016 09:44:02 +0100


Message-ID:
    	      <20161102084402.281CC9F79D@duvel.mageia.org>


MGASA-2016-0361 - Updated libtiff packages fix security vulnerability

Publication date: 02 Nov 2016
URL: http://advisories.mageia.org/MGASA-2016-0361.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2014-8127,
     CVE-2016-3658

Description:
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in
the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (out-of-bounds read) via vectors involving the
ma variable (CVE-2016-3658).

They also fix:

An out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer().

An out-of-bound read on some tiled images.

Segfault when specifying -r without argument (fax2tiff).

References:
- https://bugs.mageia.org/show_bug.cgi?id=19688
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658

SRPMS:
- 5/core/libtiff-4.0.6-1.5.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds