From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1835-1                  [email protected]
http://www.debian.org/security/                       Moritz Muehlenhoff
July 15, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2285 CVE-2009-2347
Debian Bug : 534137

Several vulnerabilities have been discovered in the library for the
Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-2285

    It was discovered that malformed TIFF images can lead to a crash
    in the decompression code, resulting in denial of service.

CVE-2009-2347

    Andrea Barisani discovered several integer overflows, which
    can lead to the execution of arbitrary code if malformed
    images are passed to the rgb2ycbcr or tiff2rgba tools.

For the old stable distribution (etch), these problems have been fixed
in version 3.8.2-7+etch3.

For the stable distribution (lenny), these problems have been fixed in
version 3.8.2-11.2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your tiff packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.