OpenSuSE has issued an advisory today (September 24):
http://lists.opensuse.org/opensuse-updates/2013-09/msg00053.html

Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

A possible heap-based buffer overflow flaw was found in the readgifimage() function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff (CVE-2013-4243).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243
http://lists.opensuse.org/opensuse-updates/2013-09/msg00053.html
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.9.mga2
libtiff5-4.0.1-2.9.mga2
libtiff-devel-4.0.1-2.9.mga2
libtiff-static-devel-4.0.1-2.9.mga2
libtiff-progs-4.0.3-4.3.mga3
libtiff5-4.0.3-4.3.mga3
libtiff-devel-4.0.3-4.3.mga3
libtiff-static-devel-4.0.3-4.3.mga3

from SRPMS:
libtiff-4.0.1-2.9.mga2.src.rpm
libtiff-4.0.3-4.3.mga3.src.rpm

Reproducible:
Steps to Reproduce:
Whiteboard: (none) => MGA2TOO
Advisory 11281.adv committed to svn.
CC: (none) => davidwhodgins
No poc, that I could find, so just testing that various programs from libtiff-progs work ok. Testing both releases, both arches shortly.
Testing complete both releases, both arches. Someone from the sysadmin team please push 11281.adv to updates.
Keywords: (none) => validated_update
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0291.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED