lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100803053032.GA4600@galadriel.inutil.org>
Date: Tue, 3 Aug 2010 01:30:32 -0400
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2084-1] New tiff packages fix
	arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2084-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
August 03, 2010                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : tiff
Vulnerability  : integer overflows
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-1411

Kevin Finisterre discovered that several integer overflows in the TIFF
library could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.2-11.3.

For the unstable distribution (sid), this problem has been fixed in
version 3.9.4-1.

We recommend that you upgrade your tiff packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz
    Size/MD5 checksum:  1376361 bfbc775f3ea2d698f6c4e57a66a6bc62
  http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc
    Size/MD5 checksum:      965 289fde796cd4d75c185fd380e4ef2611

Architecture independent packages:

  http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb
    Size/MD5 checksum:   368936 4fa6c87469e6d2a4ab8b9b609e1cd2b0

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb
    Size/MD5 checksum:   184038 718aa158afb8b08924079e4c8990f303
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb
    Size/MD5 checksum:   339202 b4d67d4e554d4e681e54a9951bc6ab88
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb
    Size/MD5 checksum:    49078 2c6b9d3ee81d1f1ea306d395b51c1731
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb
    Size/MD5 checksum:    55100 ef3532a300357164438524ca256853fb
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb
    Size/MD5 checksum:   253438 6e72c7d573238d09bdc43a20472b2b29

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb
    Size/MD5 checksum:   230540 93a89276bd4fe5be5a9d50b040002a70
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb
    Size/MD5 checksum:   169962 037d13ec48515773798dfc51af404eef
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb
    Size/MD5 checksum:    54210 d4e1911e9e5f07980e0d71bde8bfc732
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb
    Size/MD5 checksum:    48846 334988c78cfc87a6a3f9f9a18254f450
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb
    Size/MD5 checksum:   293176 4aa38a5f29db663094e6af1039b5a32b

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb
    Size/MD5 checksum:   162044 2b4e8648f64119e0ab8e8ab6246270a9
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb
    Size/MD5 checksum:   234150 7481d9317f18ce662f3b8997ce924df8
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb
    Size/MD5 checksum:    55996 26fbcbaccac9a1ee56b681699ff035e3
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb
    Size/MD5 checksum:    48532 30d10222b5e240af5823a2a1cf1b1e26
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb
    Size/MD5 checksum:   278612 97026ca2288156a7c08057afedede29e

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb
    Size/MD5 checksum:   309128 bf85956e72869e294f893c3f27b6ad37
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb
    Size/MD5 checksum:   176834 e0f39c8995ba2d40ae444257bf9b5943
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb
    Size/MD5 checksum:    49746 04935c2e72b8696ccfcd1c303fb83327
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb
    Size/MD5 checksum:    54552 d4af13d4eb9022e20ce2312d951ba34b
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb
    Size/MD5 checksum:   241610 97b8a14e8b2cc24197e2b82d01f51775

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb
    Size/MD5 checksum:   275666 b8fb9e1f47d1e29ba82e9ab9c2c5695e
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb
    Size/MD5 checksum:    48830 734c77873fd7f566e2473470b1db31aa
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb
    Size/MD5 checksum:   161636 665df63c672569d63281727a7ac499b0
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb
    Size/MD5 checksum:    53632 5d75e0f199918c8c250b0a48d4b2fd4f
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb
    Size/MD5 checksum:   219164 b3b8468f9a518093440b74fc573a6ee1

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb
    Size/MD5 checksum:   368628 57e577e4e2a590f89b96204598e14d04
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb
    Size/MD5 checksum:    56790 4072f1d33f13b2bd419cdd984947a4ce
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb
    Size/MD5 checksum:    50600 fd59fabeaae51f1b5cf6a675abd2733e
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb
    Size/MD5 checksum:   230320 54f9d6a2004efac771cdf2856c238032
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb
    Size/MD5 checksum:   294884 e6b5df4ea911fc1cc788b8ec7302180a

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb
    Size/MD5 checksum:   228404 3980fe301b7f21ef4a651d970791deb4
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb
    Size/MD5 checksum:    54648 c1e21d56c6c3caca4fa5cd3088e0131e
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb
    Size/MD5 checksum:   164076 5d3ebd670bb207890c8b01446d9b5286
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb
    Size/MD5 checksum:    49246 6b55de1c9cc0588311d490393588fef8
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb
    Size/MD5 checksum:   308736 ff1fd350e5516cd2b01fdf63e7038571

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb
    Size/MD5 checksum:    54422 561140c51e40c2c87d7c38e47ec1ce0f
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb
    Size/MD5 checksum:    49108 0eed63837509815d380a8ede4617a2c0
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb
    Size/MD5 checksum:   307868 f0b97d0b90054a568241766cd5e8ac0e
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb
    Size/MD5 checksum:   164694 69ae3b75909d3fbcf4a748a3f17c4a2e
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb
    Size/MD5 checksum:   228910 75d5940ed31a0a78f7a5a07cca1c90b9

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb
    Size/MD5 checksum:   299072 cf872d693b7d6d04caab6395c807a49d
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb
    Size/MD5 checksum:    51290 4b3b6043a320e3b0efede959db2c993f
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb
    Size/MD5 checksum:   173516 7fb5e356c35b8161dea064a927f8f524
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb
    Size/MD5 checksum:   270346 ff150ce3bea37067983a7ea8bdc8ce4f
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb
    Size/MD5 checksum:    57156 d57b33ff85a8c4775c519bf6868e5dda

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb
    Size/MD5 checksum:    49846 f0d66694ef6247958c18b753690d6cf6
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb
    Size/MD5 checksum:   293844 3f30774b20aada6f011ffeaaf0913ce9
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb
    Size/MD5 checksum:   177474 884dc57fdc438a4a735e123911bcb8dd
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb
    Size/MD5 checksum:   231424 620b24d7eafbb4851b1fd43c96a4445c
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb
    Size/MD5 checksum:    55402 35f4548f8da35b1e25de3bc650fe65c4

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb
    Size/MD5 checksum:   280198 63347485f32c91c6b449ec33041cf343
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb
    Size/MD5 checksum:    55224 e64c5173ddd48b8a80f37a8a92a4b8ef
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb
    Size/MD5 checksum:   160138 a01d761068e08a849cf0aba5f8bf8115
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb
    Size/MD5 checksum:    49380 07dfbcef878e3d014e55bf7c070f722b
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb
    Size/MD5 checksum:   224292 c31548079cc7b5aec519f66411cd0eeb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkxXqRYACgkQXm3vHE4uylqDhACfYDbuhKHDkBMSyNuf8EklGyZC
yRAAnizrv7gI7lZP+OLWwglkvMrfCf1U
=Cuoj
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ