Säkerhetsbulletin från Debian
DSA-567-1 tiff -- heapspill
- Rapporterat den:
- 2004-10-15
- Berörda paket:
- tiff
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 11406.
I Mitres CVE-förteckning: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886.
CERTs information om sårbarheter, bulletiner och incidenter: VU#687568, VU#555304. - Ytterligare information:
-
Flera problem har upptäckts i libtiff, Tag Image File Format-biblioteket för hantering av TIFF-bildfiler. En angripare kunde skräddarsy en TIFF-bild som fick klienten att exekvera godtycklig kod eller krascha. Projektet Common Vulnerabilities and Exposures Project identifierar följande problem:
- CAN-2004-0803
Chris Evans upptäckte flera problem i RLE-avkodaren (run length encoding), vilka kunde leda till exekvering av godtycklig kod.
- CAN-2004-0804
Matthias Clasen upptäckte en division med noll genom ett heltalsspill.
- CAN-2004-0886
Dmitry V. Levin upptäckte flera heltalsspill som gav problem med malloc vilka kunde leda till antingen en vanlig krasch eller att minnesinnehållet förstörs.
För den stabila utgåvan (Woody) har dessa problem rättats i version 3.5.5-6woody1.
För den instabila utgåvan (Sid) har dessa problem rättats i version 3.6.1-2.
Vi rekommenderar att ni uppgraderar ert libtiff-paket.
- CAN-2004-0803
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc
- http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz
- http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb
- http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.