aru Posted June 6, 2006 Report Share Posted June 6, 2006 Mandriva Advisories MDKSA-2006:095 : libtiff Updated libtiff packages fixes tiffsplit vulnerability June 5th, 2006 A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line arguments. The updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:095 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2656 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts