Linux comes down with security flu
Source: Matthew Broersma - Posted by Joe Shakespeare   
Linux vendors are issuing patches for several serious bugs affecting an imaging component, a pdf viewer, two widely used media players and the Shoutcast audio server.

The bugs could leave Linux users vulnerable to attack when they view tiff images or pdf files, view remote media content or when the Shoutcast server accepts maliciously-crafted requests.

The LibTiff library, which supports tiff images in various Linux applications, is affected by two separate integer overflows, researchers said, in the "tiffFetchStripThing()" and "CheckMalloc()" functions. Both could allow an attacker to execute malicious code when a specially crafted tiff image is viewed in an application that uses the library.

The first vulnerability was confirmed in LibTiff version 3.6.1, and the second in versions 3.5.7 and 3.7.0, but other versions may also be affected. Version 3.7.1, available here, fixes the bugs. Both were originally reported by iDefense just before Christmas, and a number of Linux vendors have issued customised patches for the affected software. Independent security firm Secunia gave the bugs a "highly critical" rating.

Read this full article at Matthew Broersma
