Mageia Bugzilla – Bug 6833
libtiff new security issue CVE-2012-3401
Last modified: 2012-07-24 13:50:52 CEST
Ubuntu has issued an advisory today (July 19):
Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.
More info about this is available in RH bugzilla (see the Ubuntu CVE link).
Updated libtiff packages fix security vulnerability:
Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly
handled certain malformed TIFF images. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges (CVE-2012-3401).
Updated packages in core/updates_testing:
I haven't found an exploit for this security vulnerability, so we are bound just to test that the update candidate still works.
I created a testing procedure for libtiff at https://wiki.mageia.org/en/QA_procedure:Libtiff based on testing reports from previous updates.
Feel free to improve it.
Testing complete for Mageia 1 32 bits
I'll test Mageia 2 i586 shortly.
Testing complete for Mageia 1 64 bits
Testing complete Mageia 2 i586.
Testing complete Mageia 2 x86_64.
Update validated. See comment #0 for advisory and SRPMs. No linking needed. Thanks!