Debian has issued an advisory on October 21: http://www.debian.org/security/2012/dsa-2561 Mageia 1 and Mageia 2 are also affected.
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron. Advisory: ======================== Updated libtiff packages fix security vulnerability: It was discovered that a buffer overflow in libtiff's parsing of files using PixarLog compression could lead to the execution of arbitrary code (CVE-2012-4447). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447 http://www.debian.org/security/2012/dsa-2561 ======================== Updated packages in core/updates_testing: ======================== libtiff-progs-3.9.5-1.6.mga1 libtiff3-3.9.5-1.6.mga1 libtiff-devel-3.9.5-1.6.mga1 libtiff-static-devel-3.9.5-1.6.mga1 libtiff-progs-4.0.1-2.3.mga2 libtiff5-4.0.1-2.3.mga2 libtiff-devel-4.0.1-2.3.mga2 libtiff-static-devel-4.0.1-2.3.mga2 from SRPMS: libtiff-3.9.5-1.6.mga1.src.rpm libtiff-4.0.1-2.3.mga2.src.rpm
Version: Cauldron => 2Assignee: bugsquad => qa-bugsWhiteboard: (none) => MGA1TOO
With the update, tiff support is still working fine.
CC: (none) => goetz.waschkWhiteboard: MGA1TOO => MGA1TOO MGA2-64-OK
Procedure here: https://wiki.mageia.org/en/QA_procedure:Libtiff
Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO has_procedure MGA2-64-OK
No PoC's
testing mga2 32
Testing complete mga2 32
Whiteboard: MGA1TOO has_procedure MGA2-64-OK => MGA1TOO has_procedure MGA2-64-OK mga2-32-OK
testing complete mga1 32
Whiteboard: MGA1TOO has_procedure MGA2-64-OK mga2-32-OK => MGA1TOO has_procedure mga1-32-OK MGA2-64-OK mga2-32-OK
Testing complete mga1 64 Validating Advisory and srpms in comment 1 Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO has_procedure mga1-32-OK MGA2-64-OK mga2-32-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK MGA2-64-OK mga2-32-OK
Update pushed:
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED
(In reply to comment #9) > Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0317