Updated libtiff package fixes security vulnerabilities
Publication date: 14 Jan 2016
Modification date: 14 Jan 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-1547, CVE-2015-8665, CVE-2015-8683
Description
In libtiff's tif_next.c, there is a potential out-of-bounds write in NeXTDecode(), triggered by the test case for CVE-2015-1547 (maptools bugzilla #2508). In libtiff's tif_getimage.c, there are out-of-bounds reads in the TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV / CIELab (CVE-2015-8665, CVE-2015-8683).
References
- https://bugs.mageia.org/show_bug.cgi?id=15519
- http://bugzilla.maptools.org/show_bug.cgi?id=2508
- http://openwall.com/lists/oss-security/2015/12/24/4
- http://openwall.com/lists/oss-security/2015/12/26/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
SRPMS
5/core
- libtiff-4.0.6-1.2.mga5