iDefense reported to us a libtiff flaw discovered by Dan Rosenberg. Quoting description from iDefense advisory draft: Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. ... This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution.
Created attachment 419396 [details] Patch from Frank Warmerdam (libtiff upstream)
Created attachment 422072 [details] Unified context diff Same thing as patch in comment #1, just with some extra context for future reference.
Statement: Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
(In reply to comment #1) > Created an attachment (id=419396) [details] > Patch from Frank Warmerdam (libtiff upstream) This patch is included in upstream version 3.9.4, libtiff/tif_dirread.c r1.92.2.8. http://www.remotesensing.org/libtiff/v3.9.4.html http://bugzilla.maptools.org/show_bug.cgi?id=2212
Public now via Ubuntu USN-954-1: http://www.ubuntu.com/usn/usn-954-1
libtiff-3.9.4-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc12
libtiff-3.9.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/libtiff-3.9.4-1.fc13
libtiff-3.9.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
libtiff-3.9.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.