Ubuntu has issued an advisory on December 5:
http://www.ubuntu.com/usn/usn-1655-1/

Cauldron is not affected as this was fixed in 4.0.2 upstream.

Patched package uploaded for Mageia 2. Patch also committed to Mageia 1 SVN.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-5581).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581
http://www.ubuntu.com/usn/usn-1655-1/
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-4.0.1-2.5.mga2
libtiff5-4.0.1-2.5.mga2
libtiff-devel-4.0.1-2.5.mga2
libtiff-static-devel-4.0.1-2.5.mga2

from libtiff-4.0.1-2.5.mga2.src.rpm
Procedure: https://wiki.mageia.org/en/QA_procedure:Libtiff
Whiteboard: (none) => has_procedure
Testing complete mga2 32 & 64

Validating

Advisory & srpm in comment 0

Could sysadmin please push from core updates testing to core updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure => has_procedure mga2-32-OK mga2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0355
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED