AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2012.04.06 16:52 "[Tiff] Security Fix", by Frank Warmerdam
2012.04.09 13:09 "Re: [Tiff] Security Fix", by Christopher Cameron
2012.04.09 17:19 "Re: [Tiff] Security Fix", by Frank Warmerdam

2012.04.06 16:52 "[Tiff] Security Fix", by Frank Warmerdam

Folks,

There has been an overflow problem reported with libtiff that could represent a security compromise when operating on potentially hostile files in an unsafe context. A fix is applied in 3.9 branch and CVS HEAD. They are also available in the ticket if someone wants to apply them.

Some distributions pushed the fix out already this week:

  http://bugzilla.maptools.org/show_bug.cgi?id=2369

Best regards,

--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | Geospatial Software Developer