Linux Security
Linux Security
Linux Security

Debian: DSA-2084-1: New tiff packages fix arbitrary code execution

Date 03 Aug 2010
Posted By LinuxSecurity Advisories
Kevin Finisterre discovered that several integer overflows in the TIFF library could lead to the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2084-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                       Moritz Muehlenhoff
August 03, 2010             
- ------------------------------------------------------------------------

Package        : tiff
Vulnerability  : integer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-1411

Kevin Finisterre discovered that several integer overflows in the TIFF
library could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.2-11.3.

For the unstable distribution (sid), this problem has been fixed in
version 3.9.4-1.

We recommend that you upgrade your tiff packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  1376361 bfbc775f3ea2d698f6c4e57a66a6bc62
    Size/MD5 checksum:      965 289fde796cd4d75c185fd380e4ef2611

Architecture independent packages:
    Size/MD5 checksum:   368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   184038 718aa158afb8b08924079e4c8990f303
    Size/MD5 checksum:   339202 b4d67d4e554d4e681e54a9951bc6ab88
    Size/MD5 checksum:    49078 2c6b9d3ee81d1f1ea306d395b51c1731
    Size/MD5 checksum:    55100 ef3532a300357164438524ca256853fb
    Size/MD5 checksum:   253438 6e72c7d573238d09bdc43a20472b2b29

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   230540 93a89276bd4fe5be5a9d50b040002a70
    Size/MD5 checksum:   169962 037d13ec48515773798dfc51af404eef
    Size/MD5 checksum:    54210 d4e1911e9e5f07980e0d71bde8bfc732
    Size/MD5 checksum:    48846 334988c78cfc87a6a3f9f9a18254f450
    Size/MD5 checksum:   293176 4aa38a5f29db663094e6af1039b5a32b

armel architecture (ARM EABI)
    Size/MD5 checksum:   162044 2b4e8648f64119e0ab8e8ab6246270a9
    Size/MD5 checksum:   234150 7481d9317f18ce662f3b8997ce924df8
    Size/MD5 checksum:    55996 26fbcbaccac9a1ee56b681699ff035e3
    Size/MD5 checksum:    48532 30d10222b5e240af5823a2a1cf1b1e26
    Size/MD5 checksum:   278612 97026ca2288156a7c08057afedede29e

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   309128 bf85956e72869e294f893c3f27b6ad37
    Size/MD5 checksum:   176834 e0f39c8995ba2d40ae444257bf9b5943
    Size/MD5 checksum:    49746 04935c2e72b8696ccfcd1c303fb83327
    Size/MD5 checksum:    54552 d4af13d4eb9022e20ce2312d951ba34b
    Size/MD5 checksum:   241610 97b8a14e8b2cc24197e2b82d01f51775

i386 architecture (Intel ia32)
    Size/MD5 checksum:   275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e
    Size/MD5 checksum:    48830 734c77873fd7f566e2473470b1db31aa
    Size/MD5 checksum:   161636 665df63c672569d63281727a7ac499b0
    Size/MD5 checksum:    53632 5d75e0f199918c8c250b0a48d4b2fd4f
    Size/MD5 checksum:   219164 b3b8468f9a518093440b74fc573a6ee1

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   368628 57e577e4e2a590f89b96204598e14d04
    Size/MD5 checksum:    56790 4072f1d33f13b2bd419cdd984947a4ce
    Size/MD5 checksum:    50600 fd59fabeaae51f1b5cf6a675abd2733e
    Size/MD5 checksum:   230320 54f9d6a2004efac771cdf2856c238032
    Size/MD5 checksum:   294884 e6b5df4ea911fc1cc788b8ec7302180a

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   228404 3980fe301b7f21ef4a651d970791deb4
    Size/MD5 checksum:    54648 c1e21d56c6c3caca4fa5cd3088e0131e
    Size/MD5 checksum:   164076 5d3ebd670bb207890c8b01446d9b5286
    Size/MD5 checksum:    49246 6b55de1c9cc0588311d490393588fef8
    Size/MD5 checksum:   308736 ff1fd350e5516cd2b01fdf63e7038571

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:    54422 561140c51e40c2c87d7c38e47ec1ce0f
    Size/MD5 checksum:    49108 0eed63837509815d380a8ede4617a2c0
    Size/MD5 checksum:   307868 f0b97d0b90054a568241766cd5e8ac0e
    Size/MD5 checksum:   164694 69ae3b75909d3fbcf4a748a3f17c4a2e
    Size/MD5 checksum:   228910 75d5940ed31a0a78f7a5a07cca1c90b9

powerpc architecture (PowerPC)
    Size/MD5 checksum:   299072 cf872d693b7d6d04caab6395c807a49d
    Size/MD5 checksum:    51290 4b3b6043a320e3b0efede959db2c993f
    Size/MD5 checksum:   173516 7fb5e356c35b8161dea064a927f8f524
    Size/MD5 checksum:   270346 ff150ce3bea37067983a7ea8bdc8ce4f
    Size/MD5 checksum:    57156 d57b33ff85a8c4775c519bf6868e5dda

s390 architecture (IBM S/390)
    Size/MD5 checksum:    49846 f0d66694ef6247958c18b753690d6cf6
    Size/MD5 checksum:   293844 3f30774b20aada6f011ffeaaf0913ce9
    Size/MD5 checksum:   177474 884dc57fdc438a4a735e123911bcb8dd
    Size/MD5 checksum:   231424 620b24d7eafbb4851b1fd43c96a4445c
    Size/MD5 checksum:    55402 35f4548f8da35b1e25de3bc650fe65c4

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   280198 63347485f32c91c6b449ec33041cf343
    Size/MD5 checksum:    55224 e64c5173ddd48b8a80f37a8a92a4b8ef
    Size/MD5 checksum:   160138 a01d761068e08a849cf0aba5f8bf8115
    Size/MD5 checksum:    49380 07dfbcef878e3d014e55bf7c070f722b
    Size/MD5 checksum:   224292 c31548079cc7b5aec519f66411cd0eeb

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.