LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: tiff denial of service fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Debian Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to crash the application, and maybe also to execute arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 626-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 6th, 2005                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : tiff
Vulnerability  : unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1183

Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image
File Format library for processing TIFF graphics files.  Upon reading
a TIFF file it is possible to crash the application, and maybe also to
execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 3.5.5-6.woody5.

For the unstable distribution (sid) this problem has been fixed in
version 3.6.1-5.

We recommend that you upgrade your libtiff package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.dsc
      Size/MD5 checksum:      637 30abd553c21fae8aa009f64c7d5c5fb7
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.diff.gz
      Size/MD5 checksum:    37066 4b47449e5c15f5981121d2bb29212fc8
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
      Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_alpha.deb
      Size/MD5 checksum:   141472 2e1246f3ef1525394c8c27b4cf5809f8
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_alpha.deb
      Size/MD5 checksum:   105420 40ae38e633c220b2d578cc2d21791c11
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_alpha.deb
      Size/MD5 checksum:   423234 df5bcc13ca6f61c363a452f6752e3e34

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_arm.deb
      Size/MD5 checksum:   117008 f89f5d1545fa5823fdb465cedce10d14
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_arm.deb
      Size/MD5 checksum:    90708 8d3b23cb9262f295a3c58963ffe33c93
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_arm.deb
      Size/MD5 checksum:   404256 9af23d64ad58077d4872661bbec90778

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_i386.deb
      Size/MD5 checksum:   112096 7c6752fbe95e11b7c67e2bb950b04fa1
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_i386.deb
      Size/MD5 checksum:    81286 c2e334518bcb0bfcf43b50490704b70c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_i386.deb
      Size/MD5 checksum:   386974 75532bb3d037538763707553c306cdbe

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_ia64.deb
      Size/MD5 checksum:   158802 7aba7243abdddfc1f1ecf59c60487fa2
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_ia64.deb
      Size/MD5 checksum:   135648 fac88e6eb25d46a81270d4e1865d5db6
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_ia64.deb
      Size/MD5 checksum:   446518 c73d407fc0ba4afa22cf31fbe61639a7

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_hppa.deb
      Size/MD5 checksum:   128304 d2ee674c359384f1b53ddf9a198863f4
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_hppa.deb
      Size/MD5 checksum:   107050 9ddc7d795cd6aaf87ab44d4adff17d00
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_hppa.deb
      Size/MD5 checksum:   420374 4c2afddeb88d91f66672b9419b14e69e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_m68k.deb
      Size/MD5 checksum:   107306 4d9c44ec8da6315698acc948423380ee
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_m68k.deb
      Size/MD5 checksum:    80036 9eaa32eb605078c0772deebd35f02b2e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_m68k.deb
      Size/MD5 checksum:   380154 9b66e37ff70d402ae699d98d4fcefc39

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mips.deb
      Size/MD5 checksum:   124080 f058c706cd24c58aaf26c8a607b5970c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mips.deb
      Size/MD5 checksum:    88076 3c84f8da76f29eb167ce233d579a7d46
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mips.deb
      Size/MD5 checksum:   410788 d17ac2c5788fff8dbcf07bcde307a394

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mipsel.deb
      Size/MD5 checksum:   123676 0824a0dbca1c6e3d164d0f6f6895ca91
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mipsel.deb
      Size/MD5 checksum:    88440 107db6c5e16141137a3f4ca68583050e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mipsel.deb
      Size/MD5 checksum:   411380 0c4ecfc18395d97d1043a10e35f28bcb

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_powerpc.deb
      Size/MD5 checksum:   116074 b217403c7eb35fc693803eb435597977
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_powerpc.deb
      Size/MD5 checksum:    89692 e8cb99fb55ede4b7d74f0f2d43efa1f7
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_powerpc.deb
      Size/MD5 checksum:   402422 7bc2f2471f7c1bb6c7b259cda3844359

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_s390.deb
      Size/MD5 checksum:   116944 654854ff01018ec39fbb459c2264dee2
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_s390.deb
      Size/MD5 checksum:    92028 e3737813924d9c647e9b8ff9239dfdce
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_s390.deb
      Size/MD5 checksum:   395354 54a156b1986175fc95e747fd95e281aa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_sparc.deb
      Size/MD5 checksum:   132914 677d66df3e0190f1a08e09093d136f66
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_sparc.deb
      Size/MD5 checksum:    88834 24e946dce29d51cc920cb7237749e195
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_sparc.deb
      Size/MD5 checksum:   397052 367b1261c62cd443cbfa5114b05ad593


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.