Mandriva has issued this advisory today:
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:054

Mageia 1 and Cauldron were affected. Patched packages have been uploaded in both.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file (CVE-2012-1173).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:054
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-3.9.5-1.2.mga1
libtiff3-3.9.5-1.2.mga1
libtiff-devel-3.9.5-1.2.mga1
libtiff-static-devel-3.9.5-1.2.mga1

from libtiff-3.9.5-1.2.mga1.src.rpm
Testing complete on i586 for the srpm libtiff-3.9.5-1.2.mga1.src.rpm

No PoC, so just testing converting a bmp to tiff using bmp2tiff, using tiffinfo, and xv on the resulting image.
CC: (none) => davidwhodgins
Testing complete on x86_64

Suggested Advisory:
-------------
Updated libtiff packages fix security vulnerability:

An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file (CVE-2012-1173).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
http://www.mandriva.com/en/support/security/advisories/?dis=2010.1&name=MDVSA-2012:054
https://bugs.mageia.org/show_bug.cgi?id=5236#c1
-------------

SRPM: libtiff-3.9.5-1.2.mga1.src.rpm

Could sysadmin please push from core/updates_testing to core/updates

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED