Mageia Bugzilla – Bug 11281
libtiff new security issue CVE-2013-4243
Last modified: 2013-09-24 23:47:07 CEST
openSUSE has issued an advisory today (September 24):
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Updated libtiff packages fix security vulnerability:
A possible heap-based buffer overflow flaw was found in the readgifimage()
function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker
could provide a specially-crafted GIF file that, when processed by gif2tiff,
would cause gif2tiff to crash or, potentially, execute arbitrary code with the
privileges of the user running gif2tiff (CVE-2013-4243).
Updated packages in core/updates_testing:
Advisory 11281.adv committed to svn.
No PoC that I could find, so just testing that various programs from
libtiff-progs work OK. Testing both releases, both arches shortly.
Testing complete both releases, both arches.
Someone from the sysadmin team please push 11281.adv to updates.