Ubuntu has issued an advisory today (November 15):
http://www.ubuntu.com/usn/usn-1631-1/

Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow (CVE-2012-4564).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
http://www.ubuntu.com/usn/usn-1631-1/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-3.9.5-1.7.mga1.x86_64.rpm
libtiff3-3.9.5-1.7.mga1
libtiff-devel-3.9.5-1.7.mga1
libtiff-static-devel-3.9.5-1.7.mga1
libtiff-progs-4.0.1-2.4.mga2
libtiff5-4.0.1-2.4.mga2
libtiff-devel-4.0.1-2.4.mga2
libtiff-static-devel-4.0.1-2.4.mga2

from SRPMS:
libtiff-3.9.5-1.7.mga1.src.rpm
libtiff-4.0.1-2.4.mga2.src.rpm
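The bug class named in the advisory above, as an added illustration (not code from libtiff, ppm2tiff, or the Mageia patch): a row-size calculation that wraps in 32 bits, next to a checked version whose caller refuses a zero size before allocating. The function names, the 32-bit signed size limit, and the header values are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked 32-bit arithmetic: the product wraps silently. */
static uint32_t naive_row_bytes(uint32_t width, uint16_t samples, uint16_t bits)
{
    uint32_t row_bits = width * (uint32_t)samples * (uint32_t)bits;
    return (row_bits + 7u) / 8u;
}

/* Hypothetical size routine: returns bytes per row, or 0 when the row is
 * empty or does not fit the 32-bit signed size this example assumes. */
static int32_t checked_row_bytes(uint32_t width, uint16_t samples, uint16_t bits)
{
    uint64_t row_bits = (uint64_t)width * samples * bits; /* cannot wrap in 64 bits */
    uint64_t bytes = (row_bits + 7u) / 8u;
    if (bytes == 0 || bytes > (uint64_t)INT32_MAX)
        return 0;
    return (int32_t)bytes;
}

/* Caller side: treat a zero size as an error instead of allocating. */
static unsigned char *alloc_row(uint32_t width, uint16_t samples, uint16_t bits,
                                size_t *out_len)
{
    int32_t n = checked_row_bytes(width, samples, bits);
    *out_len = 0;
    if (n <= 0)
        return NULL;               /* reject before any read into the buffer */
    unsigned char *buf = malloc((size_t)n);
    if (buf != NULL)
        *out_len = (size_t)n;
    return buf;
}

int main(void)
{
    size_t len;
    /* Constructed header values, not taken from a real file. */
    printf("naive:   %u\n", (unsigned)naive_row_bytes(0x20000001u, 1, 8));
    printf("checked: %d\n", (int)checked_row_bytes(0x20000001u, 1, 8));
    unsigned char *row = alloc_row(0xFFFFFFFFu, 4, 16, &len);
    printf("oversized row: %s\n", row ? "allocated" : "rejected");
    free(row);
    return 0;
}
```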
Whiteboard: (none) => MGA1TOO
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff
Whiteboard: MGA1TOO => MGA1TOO has_procedure
Testing complete mga2 32 & 64
Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure mga2-32-OK mga2-64-OK
Testing complete mga1 32 & 64

Validating

Advisory & srpms in comment 0

Could sysadmin please push to updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO has_procedure mga2-32-OK mga2-64-OK => MGA1TOO has_procedure mga2-32-OK mga2-64-OK mga1-32-OK mga1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0332
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED