Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 2084-1] New tiff packages fix arbitrary code execution

From Moritz Muehlenhoff@1:229/2 to All on Tue Aug 3 07:40:02 2010

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-2084-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : tiff
Vulnerability : integer overflows
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-1411

Kevin Finisterre discovered that several integer overflows in the TIFF
library could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.2-11.3.

For the unstable distribution (sid), this problem has been fixed in
version 3.9.4-1.

We recommend that you upgrade your tiff packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz
Size/MD5 checksum: 1376361 bfbc775f3ea2d698f6c4e57a66a6bc62
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc
Size/MD5 checksum: 965 289fde796cd4d75c185fd380e4ef2611

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb
Size/MD5 checksum: 368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 184038 718aa158afb8b08924079e4c8990f303
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 339202 b4d67d4e554d4e681e54a9951bc6ab88
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 49078 2c6b9d3ee81d1f1ea306d395b51c1731
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 55100 ef3532a300357164438524ca256853fb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb
Size/MD5 checksum: 253438 6e72c7d573238d09bdc43a20472b2b29

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 230540 93a89276bd4fe5be5a9d50b040002a70
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 169962 037d13ec48515773798dfc51af404eef
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 54210 d4e1911e9e5f07980e0d71bde8bfc732
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 48846 334988c78cfc87a6a3f9f9a18254f450
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb
Size/MD5 checksum: 293176 4aa38a5f29db663094e6af1039b5a32b

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb
Size/MD5 checksum: 162044 2b4e8648f64119e0ab8e8ab6246270a9
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb
Size/MD5 checksum: 234150 7481d9317f18ce662f3b8997ce924df8
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb
Size/MD5 checksum: 55996 26fbcbaccac9a1ee56b681699ff035e3
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb
Size/MD5 checksum: 48532 30d10222b5e240af5823a2a1cf1b1e26
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb
Size/MD5 checksum: 278612 97026ca2288156a7c08057afedede29e

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 309128 bf85956e72869e294f893c3f27b6ad37
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 176834 e0f39c8995ba2d40ae444257bf9b5943
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 49746 04935c2e72b8696ccfcd1c303fb83327
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 54552 d4af13d4eb9022e20ce2312d951ba34b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb
Size/MD5 checksum: 241610 97b8a14e8b2cc24197e2b82d01f51775

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb
Size/MD5 checksum: 275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb
Size/MD5 checksum: 48830 734c77873fd7f566e2473470b1db31aa
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb
Size/MD5 checksum: 161636 665df63c672569d63281727a7ac499b0
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb
Size/MD5 checksum: 53632 5d75e0f199918c8c250b0a48d4b2fd4f
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb
Size/MD5 checksum: 219164 b3b8468f9a518093440b74fc573a6ee1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb
Size/MD5 checksum: 368628 57e577e4e2a590f89b96204598e14d04

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	145:07:12
Calls:	12,089
Calls today:	2
Files:	15,000
Messages:	6,517,496

[SECURITY] [DSA 2084-1] New tiff packages fix arbitrary code execution

Who's Online

Recent Visitors

System Info