Ubuntu has issued an advisory today (July 19):
http://www.ubuntu.com/usn/usn-1511-1/

Patched package uploaded for Mageia 1, Mageia 2, and Cauldron.

More info about this is available in RH bugzilla (see the Ubuntu CVE link).

Advisory:
========================

Updated libtiff packages fix security vulnerability:

Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-3401).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401
http://www.ubuntu.com/usn/usn-1511-1/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-3.9.5-1.5.mga1
libtiff3-3.9.5-1.5.mga1
libtiff-devel-3.9.5-1.5.mga1
libtiff-static-devel-3.9.5-1.5.mga1
libtiff-progs-4.0.1-2.2.mga2
libtiff5-4.0.1-2.2.mga2
libtiff-devel-4.0.1-2.2.mga2
libtiff-static-devel-4.0.1-2.2.mga2

from SRPMS:
libtiff-3.9.5-1.5.mga1.src.rpm
libtiff-4.0.1-2.2.mga2.src.rpm
Whiteboard: (none) => MGA1TOO
I haven't found an exploit for this security vulnerability, so we are bound just to test that the update candidate still works.
CC: (none) => stormi
I created a testing procedure for libtiff at https://wiki.mageia.org/en/QA_procedure:Libtiff based on testing reports from previous updates. Feel free to improve it.
Testing complete for Mageia 1 32 bits
Whiteboard: MGA1TOO => MGA1TOO MGA1-32-OK
I'll test Mageia 2 i586 shortly.
CC: (none) => davidwhodgins
Testing complete for Mageia 1 64 bits
Whiteboard: MGA1TOO MGA1-32-OK => MGA1TOO MGA1-32-OK MGA1-64-OK
Testing complete Mageia 2 i586.
Whiteboard: MGA1TOO MGA1-32-OK MGA1-64-OK => MGA1TOO MGA1-32-OK MGA1-64-OK MGA2-32-OK
Testing complete Mageia 2 x86_64. Update validated. See comment #0 for advisory and SRPMs. No linking needed. Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO MGA1-32-OK MGA1-64-OK MGA2-32-OK => MGA1TOO MGA1-32-OK MGA1-64-OK MGA2-32-OK MGA2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0181
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED