| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200608012240.k71MeCex031013@lambchop.rdu.rpath.com>
Date: Tue, 01 Aug 2006 18:40:12 -0400
From: "Justin M. Forbes" <jmforbes@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2006-0142-1 libtiff
rPath Security Advisory: 2006-0142-1
Published: 2006-08-01
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote User Deterministic Unauthorized Access
Updated Versions:
libtiff=/conary.rpath.com@rpl:devel//1/3.8.2-3-0.1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
https://issues.rpath.com/browse/RPL-558
Description:
Previous versions of the libtiff package are vulnerable to several
vulnerabilities which enable attackers to subvert user accounts
if the users attempt to view intentionally malformed TIFF files.
Powered by blists - more mailing lists