Mageia Advisory: MGASA-2016-0388 - Updated libtiff packages fix security vulnerability

Updated libtiff packages fix security vulnerability

Publication date: 17 Nov 2016
Modification date: 22 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9273 , CVE-2016-9297 , CVE-2016-9532

Description

A read outside of array in tiffsplit (or other utilities using
TIFFNumberOfStrips()) (CVE-2016-9273).

A potential read outside buffer in _TIFFPrintField() (CVE-2016-9297).

Multiple uint32 overflows in writeBufferToSeparateStrips(),
writeBufferToContigTiles() and writeBufferToSeparateTiles() that could
cause heap buffer overflows (CVE-2016-9532).

References

https://bugs.mageia.org/show_bug.cgi?id=19758
http://openwall.com/lists/oss-security/2016/11/11/6
http://openwall.com/lists/oss-security/2016/11/14/7
http://openwall.com/lists/oss-security/2016/11/22/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9532

SRPMS

5/core

libtiff-4.0.6-1.6.mga5

Advisories » MGASA-2016-0388

Updated libtiff packages fix security vulnerability

Description

References

SRPMS

5/core