Mageia Bugzilla – Bug 8317
libtiff new security issue CVE-2012-5581
Last modified: 2012-12-07 22:41:54 CET
Ubuntu has issued an advisory on December 5:
Cauldron is not affected as this was fixed in 4.0.2 upstream.
Patched package uploaded for Mageia 2.
Patch also committed to Mageia 1 SVN.
Updated libtiff packages fix security vulnerability:
It was discovered that LibTIFF incorrectly handled certain malformed
images using the DOTRANGE tag. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges (CVE-2012-5581).
Updated packages in core/updates_testing:
Testing complete mga2 32 & 64
Advisory & srpm n comment 0
Could sysadmin please push from core updates testing to core updates