Debian: tiff denial of service fix

    Date06 Jan 2005
    CategoryDebian
    10473
    Posted ByJoe Shakespeare
    Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to crash the application, and maybe also to execute arbitrary code.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 626-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 6th, 2005                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : tiff
    Vulnerability  : unsanitised input
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-1183
    
    Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image
    File Format library for processing TIFF graphics files.  Upon reading
    a TIFF file it is possible to crash the application, and maybe also to
    execute arbitrary code.
    
    For the stable distribution (woody) this problem has been fixed in
    version 3.5.5-6.woody5.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 3.6.1-5.
    
    We recommend that you upgrade your libtiff package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.dsc
          Size/MD5 checksum:      637 30abd553c21fae8aa009f64c7d5c5fb7
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.diff.gz
          Size/MD5 checksum:    37066 4b47449e5c15f5981121d2bb29212fc8
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
          Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_alpha.deb
          Size/MD5 checksum:   141472 2e1246f3ef1525394c8c27b4cf5809f8
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_alpha.deb
          Size/MD5 checksum:   105420 40ae38e633c220b2d578cc2d21791c11
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_alpha.deb
          Size/MD5 checksum:   423234 df5bcc13ca6f61c363a452f6752e3e34
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_arm.deb
          Size/MD5 checksum:   117008 f89f5d1545fa5823fdb465cedce10d14
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_arm.deb
          Size/MD5 checksum:    90708 8d3b23cb9262f295a3c58963ffe33c93
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_arm.deb
          Size/MD5 checksum:   404256 9af23d64ad58077d4872661bbec90778
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_i386.deb
          Size/MD5 checksum:   112096 7c6752fbe95e11b7c67e2bb950b04fa1
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_i386.deb
          Size/MD5 checksum:    81286 c2e334518bcb0bfcf43b50490704b70c
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_i386.deb
          Size/MD5 checksum:   386974 75532bb3d037538763707553c306cdbe
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_ia64.deb
          Size/MD5 checksum:   158802 7aba7243abdddfc1f1ecf59c60487fa2
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_ia64.deb
          Size/MD5 checksum:   135648 fac88e6eb25d46a81270d4e1865d5db6
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_ia64.deb
          Size/MD5 checksum:   446518 c73d407fc0ba4afa22cf31fbe61639a7
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_hppa.deb
          Size/MD5 checksum:   128304 d2ee674c359384f1b53ddf9a198863f4
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_hppa.deb
          Size/MD5 checksum:   107050 9ddc7d795cd6aaf87ab44d4adff17d00
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_hppa.deb
          Size/MD5 checksum:   420374 4c2afddeb88d91f66672b9419b14e69e
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_m68k.deb
          Size/MD5 checksum:   107306 4d9c44ec8da6315698acc948423380ee
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_m68k.deb
          Size/MD5 checksum:    80036 9eaa32eb605078c0772deebd35f02b2e
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_m68k.deb
          Size/MD5 checksum:   380154 9b66e37ff70d402ae699d98d4fcefc39
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mips.deb
          Size/MD5 checksum:   124080 f058c706cd24c58aaf26c8a607b5970c
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mips.deb
          Size/MD5 checksum:    88076 3c84f8da76f29eb167ce233d579a7d46
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mips.deb
          Size/MD5 checksum:   410788 d17ac2c5788fff8dbcf07bcde307a394
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mipsel.deb
          Size/MD5 checksum:   123676 0824a0dbca1c6e3d164d0f6f6895ca91
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mipsel.deb
          Size/MD5 checksum:    88440 107db6c5e16141137a3f4ca68583050e
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mipsel.deb
          Size/MD5 checksum:   411380 0c4ecfc18395d97d1043a10e35f28bcb
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_powerpc.deb
          Size/MD5 checksum:   116074 b217403c7eb35fc693803eb435597977
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_powerpc.deb
          Size/MD5 checksum:    89692 e8cb99fb55ede4b7d74f0f2d43efa1f7
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_powerpc.deb
          Size/MD5 checksum:   402422 7bc2f2471f7c1bb6c7b259cda3844359
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_s390.deb
          Size/MD5 checksum:   116944 654854ff01018ec39fbb459c2264dee2
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_s390.deb
          Size/MD5 checksum:    92028 e3737813924d9c647e9b8ff9239dfdce
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_s390.deb
          Size/MD5 checksum:   395354 54a156b1986175fc95e747fd95e281aa
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_sparc.deb
          Size/MD5 checksum:   132914 677d66df3e0190f1a08e09093d136f66
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_sparc.deb
          Size/MD5 checksum:    88834 24e946dce29d51cc920cb7237749e195
        http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_sparc.deb
          Size/MD5 checksum:   397052 367b1261c62cd443cbfa5114b05ad593
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"40","type":"x","order":"1","pct":48.78,"resources":[]},{"id":"88","title":"Should be more technical","votes":"13","type":"x","order":"2","pct":15.85,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"29","type":"x","order":"3","pct":35.37,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.