[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1054-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 9th, 2006                           http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026
BugTraq IDs    : 17730 17732 17733

Tavis Ormandy discovered several vulnerabilities in the TIFF library
that can lead to a denial of service or the execution of arbitrary
code.  The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2006-2024

    Multiple vulnerabilities allow attackers to cause a denial of
    service.

CVE-2006-2025

    An integer overflows allows attackers to cause a denial of service
    and possibly execute arbitrary code.

CVE-2006-2026

    A double-free vulnerability allows attackers to cause a denial of
    service and possibly execute arbitrary code.

For the old stable distribution (woody) these problems have been fixed
in version 3.5.5-7woody1.

For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-3sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libtiff packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc
      Size/MD5 checksum:      637 cf22045e1a49b2742c91b7f0a905adeb
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz
      Size/MD5 checksum:    38424 d087fb3914b10aef86959b9ed52ec955
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
      Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum:   141492 484fe914264072028ef4b02b97300ea8
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum:   106130 65673af7006686eb2718f45abfb39130
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb
      Size/MD5 checksum:   423888 2bc86fdbf9c751ac7173889e53d6ddcc

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb
      Size/MD5 checksum:   117008 1f272257c4987092ff80563840acd4e3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb
      Size/MD5 checksum:    91560 e84fa486a3f25e69d7d6b093a8d890e4
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb
      Size/MD5 checksum:   404854 b709c95f40e52e4e1003dbf6e5c768f7

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb
      Size/MD5 checksum:   112074 0f9fb0719cb1ed7b5954b8c70d9c9049
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb
      Size/MD5 checksum:    82018 c8f11403adfa3ec5695d5468f56401b2
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb
      Size/MD5 checksum:   387406 1c2350b56c49cde7b899d6e8261397ec

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum:   158788 883e3b5861f0f3610e6d1005ca760d3d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum:   136620 846e662216862a10e53e282a316400a6
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb
      Size/MD5 checksum:   447038 73838b902a9dd1bb26146a397eb692db

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum:   128282 eea419b6a514c4971d8cce8afe701b6e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum:   107664 b71f9194d14e10758a13259654fcc410
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb
      Size/MD5 checksum:   420756 235956ededa69f803954040c8be01033

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_m68k.deb
      Size/MD5 checksum:   107256 9d10fc534cf1bf95c16dd5db5373334c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_m68k.deb
      Size/MD5 checksum:    80700 9a1986ea34f0b86b3bfb5255315528d5
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_m68k.deb
      Size/MD5 checksum:   380346 7ec9a504a5c39a3d2e2bddec81be6bc6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mips.deb
      Size/MD5 checksum:   124018 a4f309ec307e0b965578ed940d4a0ea9
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mips.deb
      Size/MD5 checksum:    88772 1923797ce7bcc87a5717e9916314ba06
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mips.deb
      Size/MD5 checksum:   411214 f27e5579da8ca6a547286e5e7585cb86

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mipsel.deb
      Size/MD5 checksum:   123542 ea78a9c8d14ff4627b7f01846334789b
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mipsel.deb
      Size/MD5 checksum:    89078 6cb7602c3c14127a9df23b4b250a90cf
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mipsel.deb
      Size/MD5 checksum:   411310 b2b76ce9f914e4f8b27f4587a0777ccc

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_powerpc.deb
      Size/MD5 checksum:   116098 3b39efd8b84ee2e30c9f5bae6e71733b
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_powerpc.deb
      Size/MD5 checksum:    90574 b0d0cff70a07f0257ec0ebeb58e34d37
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_powerpc.deb
      Size/MD5 checksum:   403134 b56fb0d12f26942ab109256bcf2b6c5f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_s390.deb
      Size/MD5 checksum:   116916 e2bf80099e059ded08e58da8cecf296f
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_s390.deb
      Size/MD5 checksum:    92756 e2fedfbfd543ffdbcfbe670b63f6a7bc
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_s390.deb
      Size/MD5 checksum:   395662 0648812bd3022237c75085deba6524c3

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_sparc.deb
      Size/MD5 checksum:   132898 427a7a7666e5d5099368fc8290652e9a
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_sparc.deb
      Size/MD5 checksum:    89748 1d42ae0eb84771f168696e118762a5c9
    http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_sparc.deb
      Size/MD5 checksum:   397464 380f640a527e6a2cc659bd191f168631


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.dsc
      Size/MD5 checksum:      750 5292d79663e45dc1a815fdf4fbced88f
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz
      Size/MD5 checksum:    10929 0dc2c9b82a80b9aa72844089feeaf5b2
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
      Size/MD5 checksum:  1252995 221679f6d5c15670b3c242cbfff79a00

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_alpha.deb
      Size/MD5 checksum:    46780 32137fed99cfe1e4abf975b76e53e534
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_alpha.deb
      Size/MD5 checksum:   243516 cebb5556cac9f8a2989ce719175510de
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_alpha.deb
      Size/MD5 checksum:   478224 075e9d2d41cecc0a12099004e2a3f5e5
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_alpha.deb
      Size/MD5 checksum:   309642 b21266c7e4769ff718441113d6f06776
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_alpha.deb
      Size/MD5 checksum:    40902 1300556889de2ca4a1db5fa67faf521d

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_amd64.deb
      Size/MD5 checksum:    45708 aa3ec93031ee68464e1d179fa93a996d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_amd64.deb
      Size/MD5 checksum:   217720 95fba37c5822a8a76b049ff7c8f0e3e3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_amd64.deb
      Size/MD5 checksum:   459198 f73e3337905b20f021f21430e5d1cd6a
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_amd64.deb
      Size/MD5 checksum:   266792 1d05b2504f1024b4ea1e42b939dd23d3
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_amd64.deb
      Size/MD5 checksum:    40466 e99bcfb2c1c196a3a5883645e0e87f59

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_arm.deb
      Size/MD5 checksum:    45226 493405e066e7e4e34382785c61ed63aa
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_arm.deb
      Size/MD5 checksum:   208348 cebc75bc41462e3bbec3bb680782f2ae
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_arm.deb
      Size/MD5 checksum:   453422 17e77299f3cfed68c18d45e49bfb0cdc
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_arm.deb
      Size/MD5 checksum:   265098 a7fe69596d51036b8bc1aca3ddb4ffce
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_arm.deb
      Size/MD5 checksum:    39974 0bcc5bbbca1a4a5e68c4915e71aa5264

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
      Size/MD5 checksum:    45070 6d615bf5aabdb87e53b392e56d67a31c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_i386.deb
      Size/MD5 checksum:   206070 d243294914c50dd2184459ac4056d4da
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_i386.deb
      Size/MD5 checksum:   452436 aaa4c81b1731ea3b936cef591ae0094d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_i386.deb
      Size/MD5 checksum:   251548 c769d9abda84f2581a0918d8d0e14ad6
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_i386.deb
      Size/MD5 checksum:    40518 1d1983f8b8d910d829024f0e68c3f430

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_ia64.deb
      Size/MD5 checksum:    48174 95f9a574537c9e4749b61d36ba7f0c4b
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_ia64.deb
      Size/MD5 checksum:   268840 e7ada3b6f4dede0cc615f2e357c7f1b6
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_ia64.deb
      Size/MD5 checksum:   510948 baa9e6bb3e5b47c20f12648c683ad650
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_ia64.deb
      Size/MD5 checksum:   330612 7e23b99dfd8e7611ce90eec63ee7f298
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_ia64.deb
      Size/MD5 checksum:    42102 4398a87b268ef69b54adac33e616252e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_hppa.deb
      Size/MD5 checksum:    46506 626e3e1f6704a8f1660c079c15c55f5d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_hppa.deb
      Size/MD5 checksum:   230020 a7a58223d62a7929b7810628efaf7ec4
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_hppa.deb
      Size/MD5 checksum:   472842 c051e1c0b5853f695c193ac6e45996ff
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_hppa.deb
      Size/MD5 checksum:   281488 ac8dff3f4c0e06f9634871431da84272
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_hppa.deb
      Size/MD5 checksum:    41158 58bbe3291069c661e9ec2206ea15b787

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_m68k.deb
      Size/MD5 checksum:    45082 5b41876dbeb2620959880fe2255151c3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_m68k.deb
      Size/MD5 checksum:   193346 d19e70706a4f421421360dcbf50f79bc
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_m68k.deb
      Size/MD5 checksum:   442584 feb24367354884bfbcb260fc81308192
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_m68k.deb
      Size/MD5 checksum:   234324 e15dd919316bb5a1392b2c8a1c1d230a
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_m68k.deb
      Size/MD5 checksum:    40108 0c96a6175862ef00c892752b91f4558f

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mips.deb
      Size/MD5 checksum:    45966 01b790d715989a69e712102d7f75bb9b
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mips.deb
      Size/MD5 checksum:   252098 703f77c67402e375af6042803c0a853c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mips.deb
      Size/MD5 checksum:   458446 39e019da604ea401404262d1148e67e2
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mips.deb
      Size/MD5 checksum:   280364 e69fd2380a2aac192e81f548461586db
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mips.deb
      Size/MD5 checksum:    40746 ecc9da81ea37deff720a8a1f4b146680

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mipsel.deb
      Size/MD5 checksum:    45924 2cf8e9413e317a7ca6db5a25115e3198
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mipsel.deb
      Size/MD5 checksum:   252556 c0bc05bdc88e29e400bc011457b8e80c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mipsel.deb
      Size/MD5 checksum:   458864 8c07f54637d99e347f3a87fd2e40ef21
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mipsel.deb
      Size/MD5 checksum:   280238 94681c55971b4fe94869ad558e625139
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mipsel.deb
      Size/MD5 checksum:    40730 9482ea1a711ff8cec430b1c909c2dc58

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_powerpc.deb
      Size/MD5 checksum:    47144 96335b6a94658bb97852948f6abd538a
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_powerpc.deb
      Size/MD5 checksum:   235298 d77e58b3988c957830e076beefba79ec
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_powerpc.deb
      Size/MD5 checksum:   460428 2185eb42d4629fd7615c6d267a8d3f64
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_powerpc.deb
      Size/MD5 checksum:   271916 4eb6af54a34a4441819248611e2b2ed3
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_powerpc.deb
      Size/MD5 checksum:    42316 5d14ce57ad1b666dbe99301221623d9c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_s390.deb
      Size/MD5 checksum:    46096 c275b88c86572311c723910cf626305e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_s390.deb
      Size/MD5 checksum:   213682 96082e599832fb8d0a7e9df202ee411b
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_s390.deb
      Size/MD5 checksum:   465848 c90098e745601ac1409d18144a55d32f
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_s390.deb
      Size/MD5 checksum:   266562 b378324e62843c012a0bf64a24da00d5
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_s390.deb
      Size/MD5 checksum:    40742 eeabd51cc38bb74ede6c5b0c9c7dca78

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_sparc.deb
      Size/MD5 checksum:    45394 3bcb5ac9c212b0aace2c71b8812d5e52
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_sparc.deb
      Size/MD5 checksum:   205236 58f316a2cc2041988b64551a70b45cef
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_sparc.deb
      Size/MD5 checksum:   454594 01c1d5c7d7ee0fa4729a1bfa83fd9273
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_sparc.deb
      Size/MD5 checksum:   257742 b8af195da2e880cbae59826bf84b8d32
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_sparc.deb
      Size/MD5 checksum:    40470 02164452e05683ad474441be7beadb37


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEYHwhW5ql+IAeqTIRAlqEAJ44sh0nDlwv3udX8lDFsSlaxPl4zgCeIlA+
X6GeKPzGGps9iWfbU2hx414=
=MsHz
-----END PGP SIGNATURE-----



Reply to: