Updated libtiff packages fix security vulnerability
Publication date: 28 Nov 2016Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9448 , CVE-2016-9453
Description
The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 (CVE-2016-9448). - An out-of-bounds Write memcpy and less bound check in tiff2pdf (CVE-2016-9453).
References
- https://bugs.mageia.org/show_bug.cgi?id=19813
- http://openwall.com/lists/oss-security/2016/11/18/4
- http://openwall.com/lists/oss-security/2016/11/18/11
- http://openwall.com/lists/oss-security/2016/11/18/15
- http://openwall.com/lists/oss-security/2016/11/19/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9448
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9453
SRPMS
5/core
- libtiff-4.0.7-1.mga5