lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 7 Apr 2005 13:50:20 -0700
From: please_reply_to_security@....com
To: security-announce@...t.sco.com, bugtraq@...urityfocus.com,
	full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.4 : libtiff Multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 : libtiff Multiple vulnerabilities
Advisory number: 	SCOSA-2005.19
Issue date: 		2005 April 07
Cross reference:	sr892971 fz531015 erg712790 CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0929 CAN-2004-1183 CAN-2004-1308
______________________________________________________________________________


1. Problem Description

	Updated libtiff fixes several vulnerabilities:

	Multiple vulnerabilities in the RLE (run length encoding)
	decoders for libtiff 3.6.1 and earlier, related to buffer
	overflows and integer overflows, allow remote attackers to
	execute arbitrary code via TIFF files. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned th e name CAN-2004-0803 to this issue. 

	Vulnerability in in tif_dirread.c for libtiff allows remote
	attackers to cause a denial of service (application crash)
	via a TIFF image that causes a divide-by-zero error when
	the number of row bytes is zero.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2004-0804 to this issue. 

	Multiple integer overflows in libtiff 3.6.1 and earlier allow 
	remote attackers to cause a denial of service (crash or memory 
	corruption) via TIFF images that lead to incorrect malloc calls.

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned th e name CAN-2004-0886 to this issue.
 
	Heap-based buffer overflow in the OJPEGVSetField function
	in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled
	with the OJPEG_SUPPORT (old JPEG support) option, allows
	remote attackers to execute arbitrary code via a malformed
	TIFF image.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned th e name CAN-2004-0929 to this issue.

	Integer overflow in the tiffdump utility for libtiff 3.7.1 and 
	earlier allows remote attackers to cause a denial of service 
	(application crash) and possibly execute arbitrary code via a 
	crafted TIFF file.

	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned th e name CAN-2004-1183 to this issue.

	Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c
	for libtiff 3.5.7 and 3.7.0 allows remote attackers to
	execute arbitrary code via a TIFF file containing a TIFF_ASCII
	or TIFF_UNDEFINED directory entry with a -1 entry count,
	which leads to a heap-based buffer overflow.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2004-1308 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			libtiff distribution

3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.19

	4.2 Verification

	MD5 (tiff.image) = c9f976565559059f1ae413886a43c063

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download tiff.image to the /var/spool/pkg directory

	# pkgadd -d /var/spool/pkg/tiff.image


5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0929 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr892971 fz531015
	erg712790.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank iDEFENSE and infamous41md[at]hotpop.com

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (SCO/SYSV)

iD8DBQFCVZtCaqoBO7ipriERAq0NAKCJyEGo562Bx4SGIYb7DQnXycvavACfXj9H
MFkNw5rfq8K3bHt9nip2nQ0=
=cjWx
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ