Bug 599576 (CVE-2010-2067)
Summary: | CVE-2010-2067 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | unspecified | CC: | jrusnack, rcvalle, security-response-team, tgl | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2010-07-07 09:22:52 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 606708 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Tomas Hoger
2010-06-03 14:26:15 UTC
Created attachment 419396 [details]
Patch from Frank Warmerdam (libtiff upstream)
Created attachment 422072 [details] Unified context diff Same thing as patch in comment #1, just with some extra context for future reference. Statement: Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5. (In reply to comment #1) > Created an attachment (id=419396) [details] > Patch from Frank Warmerdam (libtiff upstream) This patch is included in upstream version 3.9.4, libtiff/tif_dirread.c r1.92.2.8. http://www.remotesensing.org/libtiff/v3.9.4.html http://bugzilla.maptools.org/show_bug.cgi?id=2212 Public now via Ubuntu USN-954-1: http://www.ubuntu.com/usn/usn-954-1 libtiff-3.9.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc12 libtiff-3.9.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc13 libtiff-3.9.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. libtiff-3.9.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |