Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution

From Thijs Kinkhorst@1:229/2 to All on Tue Aug 26 18:30:18 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1632-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst
August 26, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tiff
Vulnerability : buffer underflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2327

Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.

For the testing distribution (lenny), this problem has been fixed in
version 3.8.2-10+lenny1.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your tiff package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2.orig.tar.gz
Size/MD5 checksum: 1333780 e6ec4ab957ef49d5aabc38b7a376910b
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.dsc
Size/MD5 checksum: 770 ae7a380959585d8a5034db1d488fe92d
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.diff.gz
Size/MD5 checksum: 17476 7a2b7064067f462fe3c3e0212b7e59bf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_alpha.deb
Size/MD5 checksum: 521350 e9a8d515beea436f1c5714d5d55621c4
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_alpha.deb
Size/MD5 checksum: 296784 d25a95a2ee04ddf56245ec2f05f17cfb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_alpha.deb
Size/MD5 checksum: 5148 7d6f398e75ef40e29b8c8ca5d8cc634e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_alpha.deb
Size/MD5 checksum: 11284 7aae8c6f10cf564b87f6ae0bf586b533
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_alpha.deb
Size/MD5 checksum: 206802 3b78d5d7c37c68c287c1f47758df1a37

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_amd64.deb
Size/MD5 checksum: 503074 3546846c37da9d10d92a0bee3b9e47e5
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_amd64.deb
Size/MD5 checksum: 10290 6362cc149e9d0303bf01d249f082e1c4
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_amd64.deb
Size/MD5 checksum: 184662 4011f0f2cca3a6ae0753a24fe2528c00
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_amd64.deb
Size/MD5 checksum: 248376 c7b256d38da9d497a677fac2f50359f5
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_amd64.deb
Size/MD5 checksum: 4926 4c30200928ab374c285135243960e347

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_hppa.deb
Size/MD5 checksum: 5996 1ea4fc581e861fc4310b506ba38f7fd1
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_hppa.deb
Size/MD5 checksum: 10876 7952d1695b12c4f94a441e0bbc7e0841
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_hppa.deb
Size/MD5 checksum: 515280 790d82258fb2aeac736f16dc969fb83e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_hppa.deb
Size/MD5 checksum: 195268 7586a29e6dac1a5fb792569ecdaf1ad2
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_hppa.deb
Size/MD5 checksum: 267664 5482149084635adb52a67f65c9ec73c7

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_i386.deb
Size/MD5 checksum: 5004 8843b208a604bdf206959659b80f12f9
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_i386.deb
Size/MD5 checksum: 483094 446c73c10b990c8fe254d344b74d720e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_i386.deb
Size/MD5 checksum: 9852 8345bd93b3e97de766952efb7402d11d
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_i386.deb
Size/MD5 checksum: 175592 bd7a1cc32a60a78b600326c141168bd1
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_i386.deb
Size/MD5 checksum: 233456 7974f2bbc21c436cd1cbd8a18c091c7e

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_ia64.deb
Size/MD5 checksum: 552216 fa4a4dc20e9aae562cf45d162252bcec
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_ia64.deb
Size/MD5 checksum: 250698 7a15422b465b3e5a18e4a067095f06d0
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_ia64.deb
Size/MD5 checksum: 13168 d7f8222f2b5045171fb06b9d672527b6
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_ia64.deb
Size/MD5 checksum: 6716 ed072e26f3798dd178c33d6b6ad4983b
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_ia64.deb
Size/MD5 checksum: 326164 27b4d01afafe60fded61f4c379d4efa9

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_mips.deb
Size/MD5 checksum: 187416 18ba62f6a4edc236cffdff42b9b0cc63
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_mips.deb
Size/MD5 checksum: 10658 5dab9237ca90f9799665626566380630
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_mips.deb
Size/MD5 checksum: 500242 a178091c78f3961d62b6ff5ef00de2cd

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	42:06:30
Calls:	12,109
Files:	15,007
Messages:	6,518,421

[SECURITY] [DSA 1632-1] New tiff packages fix arbitrary code execution

Who's Online

System Info