Bug 8317

Summary: libtiff new security issue CVE-2012-5581
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/528312/
Whiteboard: has_procedure mga2-32-OK mga2-64-OK
Source RPM: libtiff-4.0.1-2.4.mga2.src.rpm CVE:
Status comment:

Description David Walser 2012-12-07 01:27:04 CET 
Ubuntu has issued an advisory on December 5:
http://www.ubuntu.com/usn/usn-1655-1/

Cauldron is not affected as this was fixed in 4.0.2 upstream.

Patched package uploaded for Mageia 2.

Patch also committed to Mageia 1 SVN.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

It was discovered that LibTIFF incorrectly handled certain malformed
images using the DOTRANGE tag. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges (CVE-2012-5581).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581
http://www.ubuntu.com/usn/usn-1655-1/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.5.mga2
libtiff5-4.0.1-2.5.mga2
libtiff-devel-4.0.1-2.5.mga2
libtiff-static-devel-4.0.1-2.5.mga2

from libtiff-4.0.1-2.5.mga2.src.rpm
Comment 1 claire robinson 2012-12-07 17:33:51 CET 
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff

Whiteboard: (none) => has_procedure

Comment 2 claire robinson 2012-12-07 17:45:15 CET 
Testing complete mga2 32 & 64

Validating

Advisory & srpm n comment 0

Could sysadmin please push from core updates testing to core updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure => has_procedure mga2-32-OK mga2-64-OK

Comment 3 Thomas Backlund 2012-12-07 22:41:54 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0355

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED