Debian: New tiff packages fix denial of service

    Date: 27 May 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 1078-1
    http://www.debian.org/security/                             Martin Schulze
    May 27th, 2006                        http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : tiff
    Vulnerability  : out-of-bounds read
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2006-2120
    BugTraq ID     : 17809
    Debian Bug     : 366588
    
    Andrey Kiselev discovered a problem in the TIFF library that may allow
    an attacker with a specially crafted TIFF image with Yr/Yg/Yb values
    that exceed the YCR/YCG/YCB values to crash the library and hence the
    surrounding application.
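
The bug class described above, as an added example that is not libtiff's code and not part of the advisory: a simplified model of a luminance-to-channel lookup table, where an input above the calibrated maximum yields an index past the end of the table unless it is clamped. The struct, field and function names are hypothetical and the calibration values are constructed.

```c
#include <stdio.h>

/* Hypothetical, simplified display calibration; NOT libtiff's structures. */
#define RANGE 8                    /* highest valid table index */

struct display {
    float y0;                      /* lowest calibrated luminance */
    float ymax;                    /* highest calibrated luminance */
    float step;                    /* (ymax - y0) / RANGE */
    float to_rgb[RANGE + 1];       /* table: luminance step -> channel value */
};

/* Unchecked index: only inside 0..RANGE while y0 <= y <= ymax. */
static long raw_index(const struct display *d, float y)
{
    return (long)((y - d->y0) / d->step);
}

/* Hardened lookup: clamp the input to the calibrated range, then clamp
 * the index to the table, so the read never leaves to_rgb[]. */
static float lookup_clamped(const struct display *d, float y)
{
    if (!(y >= d->y0)) y = d->y0;  /* also catches NaN */
    if (y > d->ymax)   y = d->ymax;
    long i = raw_index(d, y);
    if (i < 0)     i = 0;
    if (i > RANGE) i = RANGE;
    return d->to_rgb[i];
}

/* Constructed calibration: luminance 0..100 mapped linearly to 0..255. */
static struct display sample_display(void)
{
    struct display d = { 0.0f, 100.0f, 100.0f / RANGE, {0} };
    for (int i = 0; i <= RANGE; i++)
        d.to_rgb[i] = 255.0f * (float)i / RANGE;
    return d;
}

int main(void)
{
    struct display d = sample_display();
    float inputs[] = { 50.0f, 100.0f, 250.0f, -10.0f };  /* constructed */
    for (int k = 0; k < 4; k++)
        printf("y=%6.1f raw index=%ld (valid 0..%d) clamped value=%.1f\n",
               inputs[k], raw_index(&d, inputs[k]), RANGE,
               lookup_clamped(&d, inputs[k]));
    return 0;
}
```
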
    
    The old stable distribution (woody) is not affected by this problem.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 3.7.2-4.
    
    The unstable distribution (sid) is not affected by this problem.
    
    We recommend that you upgrade your tiff packages and restart the
    programs using it.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main