Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20451
HistorySep 04, 2008 - 12:00 a.m.

[ MDVSA-2008:184 ] libtiff

2008-09-0400:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2008:184
http://www.mandriva.com/security/

Package : libtiff
Date : September 3, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0

Problem Description:

Drew Yaro of the Apple Product Security Team reported multiple uses of
uninitialized values in libtiff's LZW compression algorithm decoder.
An attacker could create a carefully crafted LZW-encoded TIFF file that
would cause an application linked to libtiff to crash or potentially
execute arbitrary code (CVE-2008-2327).

The updated packages have been patched to prevent this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327

Updated Packages:

Mandriva Linux 2007.1:
5453e1e862c9516bf754ff5dd0510e99 2007.1/i586/libtiff3-3.8.2-8.1mdv2007.1.i586.rpm
c41cc4f89c2a576b31f55604020686b9 2007.1/i586/libtiff3-devel-3.8.2-8.1mdv2007.1.i586.rpm
3a84a5b36810fc04266b0e8db40cf95a 2007.1/i586/libtiff3-static-devel-3.8.2-8.1mdv2007.1.i586.rpm
2e184a5e809f31357e1238d4ffb0e7e7 2007.1/i586/libtiff-progs-3.8.2-8.1mdv2007.1.i586.rpm
6f0b7a336c92b3f6026882f16fea8e36 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
712950c98f929999cb7a53dad56db456 2007.1/x86_64/lib64tiff3-3.8.2-8.1mdv2007.1.x86_64.rpm
820be023570529dbcbc4682a687aa59d 2007.1/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2007.1.x86_64.rpm
741e09ecc07a42f95ba97f99daf8b474 2007.1/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2007.1.x86_64.rpm
5f44d3ec3d223be06ecdeacae2fc3c04 2007.1/x86_64/libtiff-progs-3.8.2-8.1mdv2007.1.x86_64.rpm
6f0b7a336c92b3f6026882f16fea8e36 2007.1/SRPMS/libtiff-3.8.2-8.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
f48e75c73b1485dd999147f6916d714b 2008.0/i586/libtiff3-3.8.2-8.1mdv2008.0.i586.rpm
1f81e09035972f2dd658b740913027f8 2008.0/i586/libtiff3-devel-3.8.2-8.1mdv2008.0.i586.rpm
38cb329a1841478e36a4c2f78c2b9d0f 2008.0/i586/libtiff3-static-devel-3.8.2-8.1mdv2008.0.i586.rpm
a69b25380f8eb9dff4cae5731aa1576b 2008.0/i586/libtiff-progs-3.8.2-8.1mdv2008.0.i586.rpm
4062ab04fafcc0b310643bdbcc39e343 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e06c6562905343841510dc6149321ea7 2008.0/x86_64/lib64tiff3-3.8.2-8.1mdv2008.0.x86_64.rpm
2645a673dd22ff97b87f315e228a6e8a 2008.0/x86_64/lib64tiff3-devel-3.8.2-8.1mdv2008.0.x86_64.rpm
3b35439a9606085a451c85fb87762476 2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.1mdv2008.0.x86_64.rpm
712fa17a6debde8aaa02b6b63f25e99c 2008.0/x86_64/libtiff-progs-3.8.2-8.1mdv2008.0.x86_64.rpm
4062ab04fafcc0b310643bdbcc39e343 2008.0/SRPMS/libtiff-3.8.2-8.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
96ab6a2cbd02a41d51d28852ba8c542a 2008.1/i586/libtiff3-3.8.2-10.1mdv2008.1.i586.rpm
586ed80dcca4c1512fa0a8f344c4b1ca 2008.1/i586/libtiff3-devel-3.8.2-10.1mdv2008.1.i586.rpm
8536b2918799e028e92946ae5a9f8bfa 2008.1/i586/libtiff3-static-devel-3.8.2-10.1mdv2008.1.i586.rpm
0e311bd531287bd6f71aede0ab233375 2008.1/i586/libtiff-progs-3.8.2-10.1mdv2008.1.i586.rpm
991200fe0e312eb8532e76a42a5f5f36 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
67aba91807aa52b92baefac9f51e5991 2008.1/x86_64/lib64tiff3-3.8.2-10.1mdv2008.1.x86_64.rpm
60bfa4862afb7b8719fa17c7661a422f 2008.1/x86_64/lib64tiff3-devel-3.8.2-10.1mdv2008.1.x86_64.rpm
6e96394972e36c83768433e2b2ad36a7
2008.1/x86_64/lib64tiff3-static-devel-3.8.2-10.1mdv2008.1.x86_64.rpm
0a16cd2b222893004166293534b9edde 2008.1/x86_64/libtiff-progs-3.8.2-10.1mdv2008.1.x86_64.rpm
991200fe0e312eb8532e76a42a5f5f36 2008.1/SRPMS/libtiff-3.8.2-10.1mdv2008.1.src.rpm

Corporate 3.0:
518e89f46b971a1bb21ae1c014247924 corporate/3.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm
d60decb8c0b256b22f78aadbe8eebe0c corporate/3.0/i586/libtiff3-devel-3.5.7-11.14.C30mdk.i586.rpm
b3f257066e07132549b2d5027736c028
corporate/3.0/i586/libtiff3-static-devel-3.5.7-11.14.C30mdk.i586.rpm
2907ac3739e1718f7908ce64c3fd7867 corporate/3.0/i586/libtiff-progs-3.5.7-11.14.C30mdk.i586.rpm
e08892c5ded68d96e16862f8b69946ab corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm

Corporate 3.0/X86_64:
bec82cc9258d4500374b06871f420492 corporate/3.0/x86_64/lib64tiff3-3.5.7-11.14.C30mdk.x86_64.rpm
3baa1d2a9aef965ec71ed15ba8bf1a20 corporate/3.0/x86_64/lib64tiff3-devel-3.5.7-11.14.C30mdk.x86_64.rpm
02a22843046e7a3a3208e20ff95f633a
corporate/3.0/x86_64/lib64tiff3-static-devel-3.5.7-11.14.C30mdk.x86_64.rpm
529cb32db1c9e2f21278ec3154498278 corporate/3.0/x86_64/libtiff-progs-3.5.7-11.14.C30mdk.x86_64.rpm
e08892c5ded68d96e16862f8b69946ab corporate/3.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm

Corporate 4.0:
700cb8f74636fbb25f2dd2a8d73c3841 corporate/4.0/i586/libtiff3-3.6.1-12.7.20060mlcs4.i586.rpm
305bb87c84edf3261491526a9deef8f9 corporate/4.0/i586/libtiff3-devel-3.6.1-12.7.20060mlcs4.i586.rpm
46bdebacb26f5f05ce572e7de85277e8
corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.7.20060mlcs4.i586.rpm
b637cbfec742d8a2c06106cb94c36b5a corporate/4.0/i586/libtiff-progs-3.6.1-12.7.20060mlcs4.i586.rpm
bb4663c662718a57113cf78d7e8c7b13 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e655bb4c3a7b87eb363dcfd24f139dcf corporate/4.0/x86_64/lib64tiff3-3.6.1-12.7.20060mlcs4.x86_64.rpm
f9676f4f1400c9311d320a88d67d8b91
corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm
5c0dccb5f0168c4e43672d9d7982d49f
corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.7.20060mlcs4.x86_64.rpm
87a216a31e01f158135a23095fd341a1
corporate/4.0/x86_64/libtiff-progs-3.6.1-12.7.20060mlcs4.x86_64.rpm
bb4663c662718a57113cf78d7e8c7b13 corporate/4.0/SRPMS/libtiff-3.6.1-12.7.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
5acf2c9864c31560ac109574e94caef0 mnf/2.0/i586/libtiff3-3.5.7-11.14.C30mdk.i586.rpm
b2f1fc5125dd9e951d6d38ead8050461 mnf/2.0/SRPMS/libtiff-3.5.7-11.14.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIvrMbmqjQ0CJFipgRAqv6AJ9eEBD7LXdc9E8dpYGimLzumWjvUgCgxA3+
gSpOlHU8sZnY2OoFJ9KzkMw=
=8p0b
-----END PGP SIGNATURE-----

Related

openvas 41
nessus 29
fedora 3
ubuntu 1
ubuntucve 2
securityvulns 1
seebug 1
redhat 3
oraclelinux 3
debian 1
veracode 1
centos 4
debiancve 2
altlinux 2
gentoo 1
prion 2
cve 2
vmware 2
openvas
openvas
RedHat Update for libtiff RHSA-2008:0847-01
2009-03-06 00:00:00
Ubuntu Update for tiff vulnerability USN-639-1
2009-03-23 00:00:00
CentOS Update for libtiff CESA-2008:0863-01 centos2 i386
2009-02-27 00:00:00
nessus
nessus
Oracle Linux 3 : libtiff (ELSA-2008-0863)
2013-07-12 00:00:00
GLSA-200809-07 : libTIFF: User-assisted execution of arbitrary code
2008-09-09 00:00:00
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : tiff vulnerability (USN-639-1)
2008-09-03 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: libtiff-3.8.2-11.fc9
2008-09-10 06:37:24
[SECURITY] Fedora 8 Update: libtiff-3.8.2-11.fc8
2008-09-10 06:39:57
[SECURITY] Fedora 9 Update: libtiff-3.8.2-13.fc9
2009-07-03 19:41:40
ubuntu
ubuntu
tiff vulnerability
2008-09-02 00:00:00
ubuntucve
ubuntucve
CVE-2008-2327
2008-08-27 00:00:00
CVE-2009-2285
2009-07-01 00:00:00
securityvulns
securityvulns
libtiff memory corruption
2008-09-04 00:00:00
seebug
seebug
LibTIFF 'tif_lzw.c'θΏœη¨‹ζ•΄ζ•°δΈ‹ζΊ’ζΌζ΄ž
2008-08-27 00:00:00
redhat
redhat
(RHSA-2008:0863) Important: libtiff security update
2008-08-28 00:00:00
(RHSA-2008:0847) Important: libtiff security and bug fix update
2008-08-28 00:00:00
(RHSA-2008:0848) Important: libtiff security and bug fix update
2008-08-28 00:00:00
oraclelinux
oraclelinux
libtiff security and bug fix update
2008-08-28 00:00:00
libtiff security update
2008-08-28 00:00:00
libtiff security and bug fix update
2008-08-28 00:00:00
debian
debian
[SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution
2008-08-26 16:22:23
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:34:39
centos
centos
libtiff security update
2008-10-03 18:34:01
libtiff security update
2008-08-29 21:30:43
libtiff security update
2008-08-29 00:41:41
debiancve
debiancve
CVE-2008-2327
2008-08-27 20:41:00
CVE-2009-2285
2009-07-01 13:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.8.2-alt2
2008-08-31 00:00:00
Security fix for the ALT Linux 5 package libtiff version 3.8.2-alt2
2008-08-31 00:00:00
gentoo
gentoo
libTIFF: User-assisted execution of arbitrary code
2008-09-08 00:00:00
prion
prion
Buffer overflow
2008-08-27 20:41:00
Buffer overflow
2009-07-01 13:00:00
cve
cve
CVE-2008-2327
2008-08-27 20:41:00
CVE-2009-2285
2009-07-01 13:00:00
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
JSON
Related for SECURITYVULNS:DOC:20451
openvas41nessus29fedora3ubuntu1ubuntucve2securityvulns1seebug1redhat3oraclelinux3debian1veracode1centos4debiancve2altlinux2gentoo1prion2cve2vmware2