Libretu JPEG Data thaEll to TJPEG SdScanlOsibly tl>发布日 布日期: 2006-08-17 00:00:00 s">>发布日 -17 00:00:020/td> 利用方式 s"Ihich Manipu ting es/dl>发布日期: 2006-08-17d> LosThetiIhoeg For>>发布日 -17d> 解决方式 8990/MDKSA-2006-136.txt">[点击下载] 利用 >>发布日 -17d> a 8990/MDKSA-2006-136.txt">[py of the c/components/syntaxhl/disc_______lain.js">

[点击下载] 90/MDKSA-2006-136.txt">[py of the c/components/syntaxhl/timelain.js">

间线F48990" cl "F48990)

>发布日 -17 00:00:020/td> 发现 s"Unkn es/dl>发布日期: 2006-08-17d> 利用 Unkn es发布日 -17d> 解决 7yID 38990/MDKSA-2006-136.txt">[py of the 布日c/components/syntaxhl/solfileslain.js">

解决方案F48990" class=s="F48990)

[py of the 布日c/components/syntaxhl/ lain.js">

相关参考F48990" class=s="F48990)

______ 2006-08-17 col90')="2td>ul>
  • CVE uri
  • Libretu TiffScanLineSize R.motenBu wrilOsibly t_V stack buffel>发布日 布日期: 2006-08-17 00:00:00 BeraballoCeswrap f Err-->>发布日 -17 00:00:020/td> BugtraqID 01 12> p____________heti_________ ProblemUultirf260romrite,. Theiscoseqytofareis[py of the 布日 布日期/components/syntaxhl/seq1lain.js">

    受影响的程序版本F48990" class=s="F48990)

    [py of the 日 布日期/components/syntaxhl/discusslain.js">

    ketStormID:F48990) Libretu iThiscn__t__a bu wri-osibly t_RLE decoder w bed in for slibrallofail t__d iscpritberaballoiMandr befoso eopyn.orin r--orrlng oith int to is buf-sizg obu wri.lbr/slbr/sTais updat aly tsww.motenattackrisaa nr is ovarbitrallomachino eodemered whoes bly eti_rrlntomatiswtred sor s wrc0romlibrall. Failromexploit ttempts0) llrg/kelloirase,. Th_rrlntomati, denyn.or ecuicora legitimrpm_in rs.990/MDKSA-2006-136.txt">[py of the 布日 /components/syntaxhl/exploitlain.js">

    ketStormID:F48990) > Currentllowtioer th eawaso_eti__y exploitsan---LEis updat. t: hfeelowtioer ereerr------i: haso awaso_etimoso reche Uulds prior , pleisormbiaius at: RLEdb@9 for Mafin ssori >ul> 发布日期:[py of the 布日 /components/syntaxhl/solfileslain.js">

    解决方案F48990" class=s="F48990)

    相关参考F48990" class=s="F48990)

    ul>
  • --------upport.avayasorieelmodocs2--You2458/ASA-2006-166.htpsFASA-2006-166 -mlibtiff -You2458 upithe (RHSA-2006-0603)ls/d (Avaya)lbr/sl>li>
  • -------www.libtiffbin/c" Libretu Homepagels/d (Libretu)lbr/sl>li>
  • -------rhn.redhatsorieerrata/RHSA-2006-0603.htpl">RHSA-2006:0603-4 -mlibtiff -You2458 upithels/d (Red Hat)lbr/sl>li>
  • -------rhn.redhatsorieerrata/RHSA-2006-0648.htpl">RHSA-2006:0648-4 -mkdegraphics -You2458 upithels/d (Red Hat)lbr/sl>li>
  • -------sunsolve.sunsoriese'rch/documF48.do?'inetkey=1-66-201331-1">Sun Ariva Ly 201331 -mSYou2458 VLE decoder inuainmlibtiff(3) May Aly t Denial ofls/d (Sun)lbr/sl>li>
  • /'rchive/1/441963">rPSA-2006-0142-1mlibtiffls/d (rPath)lbr/sl>li>
  • -------sunsolve.sunsoriese'rch/documF48.do?'inetkey=1-26-103099-1">Multip990SYou2458 VLE decoder inuainmof tSolaris Tag Image Fi990Fs pri LibraLy lls/d (Sun Microsystems)lbr/sl>li>99ul>l>发布日期:[py of theF4899div>899div>F4899div>F499div>F4
  • CVE-2006-3460
    CVSS7.5
    发布时间 :2006-08-02 21:04:00
    修订时间 :2011-10-17 00:00:00
    NMCOPS    

    [原文]Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).


    [CNNVD]Libtiff图形库JPEG解码器堆溢出漏洞(CNNVD-200608-031)

            LibTiff是负责对TIFF图象格式进行编码/解码的应用库。
            JPEG解码器中存在堆溢出漏洞。
            

    - CVSS (基础分值)

    CVSS分值: 7.5 [严重(HIGH)]
    机密性影响: PARTIAL [很可能造成信息泄露]
    完整性影响: PARTIAL [可能会导致系统文件被修改]
    可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
    攻击复杂度: LOW [漏洞利用没有访问限制 ]
    攻击向量: [--]
    身份认证: NONE [漏洞利用无需身份认证]

    - CWE (弱点类目)

    CWE-119 [内存缓冲区边界内操作的限制不恰当]

    - CPE (受影响的平台与产品)

    产品及版本信息(CPE)暂不可用

    - OVAL (用于检测的技术细节)

    oval:org.mitre.oval:def:11265Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a deni...
    *OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

    - 官方数据库链接

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
    (官方数据源) MITRE
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3460
    (官方数据源) NVD
    http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-031
    (官方数据源) CNNVD

    - 其它链接及资源

    http://www.debian.org/security/2006/dsa-1137
    (VENDOR_ADVISORY)  DEBIAN  DSA-1137
    https://issues.rpath.com/browse/RPL-558
    (UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-558
    http://www.vupen.com/english/advisories/2007/4034
    (VENDOR_ADVISORY)  VUPEN  ADV-2007-4034
    http://www.vupen.com/english/advisories/2007/3486
    (VENDOR_ADVISORY)  VUPEN  ADV-2007-3486
    http://www.vupen.com/english/advisories/2006/3105
    (VENDOR_ADVISORY)  VUPEN  ADV-2006-3105
    http://www.vupen.com/english/advisories/2006/3101
    (VENDOR_ADVISORY)  VUPEN  ADV-2006-3101
    http://www.ubuntu.com/usn/usn-330-1
    (UNKNOWN)  UBUNTU  USN-330-1
    http://www.securityfocus.com/bid/19289
    (UNKNOWN)  BID  19289
    http://www.securityfocus.com/bid/19288
    (UNKNOWN)  BID  19288
    http://www.redhat.com/support/errata/RHSA-2006-0648.html
    (VENDOR_ADVISORY)  REDHAT  RHSA-2006:0648
    http://www.redhat.com/support/errata/RHSA-2006-0603.html
    (VENDOR_ADVISORY)  REDHAT  RHSA-2006:0603
    http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
    (UNKNOWN)  SUSE  SUSE-SA:2006:044
    http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
    (UNKNOWN)  MANDRIVA  MDKSA-2006:137
    http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
    (UNKNOWN)  MANDRIVA  MDKSA-2006:136
    http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
    (UNKNOWN)  GENTOO  GLSA-200608-07
    http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
    (UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
    http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
    (UNKNOWN)  SUNALERT  201331
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
    (UNKNOWN)  SUNALERT  103160
    http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
    (UNKNOWN)  SLACKWARE  SSA:2006-230-01
    http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
    (UNKNOWN)  SLACKWARE  SSA:2006-230
    http://securitytracker.com/id?1016628
    (UNKNOWN)  SECTRACK  1016628
    http://secunia.com/advisories/27832
    (VENDOR_ADVISORY)  SECUNIA  27832
    http://secunia.com/advisories/27222
    (VENDOR_ADVISORY)  SECUNIA  27222
    http://secunia.com/advisories/27181
    (VENDOR_ADVISORY)  SECUNIA  27181
    http://secunia.com/advisories/22036
    (VENDOR_ADVISORY)  SECUNIA  22036
    http://secunia.com/advisories/21632
    (VENDOR_ADVISORY)  SECUNIA  21632
    http://secunia.com/advisories/21598
    (VENDOR_ADVISORY)  SECUNIA  21598
    http://secunia.com/advisories/21537
    (VENDOR_ADVISORY)  SECUNIA  21537
    http://secunia.com/advisories/21501
    (VENDOR_ADVISORY)  SECUNIA  21501
    http://secunia.com/advisories/21392
    (VENDOR_ADVISORY)  SECUNIA  21392
    http://secunia.com/advisories/21370
    (VENDOR_ADVISORY)  SECUNIA  21370
    http://secunia.com/advisories/21346
    (VENDOR_ADVISORY)  SECUNIA  21346
    http://secunia.com/advisories/21338
    (VENDOR_ADVISORY)  SECUNIA  21338
    http://secunia.com/advisories/21334
    (VENDOR_ADVISORY)  SECUNIA  21334
    http://secunia.com/advisories/21319
    (VENDOR_ADVISORY)  SECUNIA  21319
    http://secunia.com/advisories/21304
    (VENDOR_ADVISORY)  SECUNIA  21304
    http://secunia.com/advisories/21290
    (VENDOR_ADVISORY)  SECUNIA  21290
    http://secunia.com/advisories/21274
    (VENDOR_ADVISORY)  SECUNIA  21274
    http://lwn.net/Alerts/194228/
    (UNKNOWN)  TRUSTIX  2006-0044
    ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
    (UNKNOWN)  SGI  20060901-01-P
    ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
    (UNKNOWN)  SGI  20060801-01-P

    - 漏洞信息

    Libtiff图形库JPEG解码器堆溢出漏洞
    高危 缓冲区溢出
    2006-08-02 00:00:00 2006-09-05 00:00:00
    远程  
            LibTiff是负责对TIFF图象格式进行编码/解码的应用库。
            JPEG解码器中存在堆溢出漏洞。
            

    - 公告与补丁

            目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
            Apple Mac OS X Server 10.3.9
            Apple Mac OS X Server 10.3.9
            Apple SecUpdSrvr2006-004Pan.dmg
            http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat= 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
            Apple Mac OS X 10.3.9
            Apple SecUpd2006-004Pan.dmg
            http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat= 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
            Apple Mac OS X 10.4.7
            Apple SecUpd2006-004Intel.dmg
            http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat= 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg
            LibTIFF LibTIFF 3.6.1
            Slackware libtiff-3.8.2-i486-1_slack10.0.tgz
            Slackware 10.0:
            ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ libtiff-3.8.2-i486-1_slack10.0.tgz
            Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
            Slackware 10.0:
            ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
            Trustix libtiff-3.7.3-4tr.i586.rpm
            Trustix Secure Linux 2.2
            ftp://ftp.trustix.org/pub/trustix/updates
            Trustix libtiff-devel-3.7.3-4tr.i586.rpm
            Trustix Secure Linux 2.2
            ftp://ftp.trustix.org/pub/trustix/updates
            Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_amd64.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_amd64.deb
            Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_i386.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_i386.deb
            Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_powerpc.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_powerpc.deb
            Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_amd64.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_amd64.deb
            Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_i386.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_i386.deb
            Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_powerpc.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_powerpc.deb
            Ubuntu libtiff4_3.6.1-5ubuntu0.6_amd64.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_amd64.deb
            Ubuntu libtiff4_3.6.1-5ubuntu0.6_i386.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_i386.deb
            Ubuntu libtiff4_3.6.1-5ubuntu0.6_powerpc.deb
            Ubuntu 5.04:
            http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_powerpc.deb
            LibTIFF LibTIFF 3.7.1
            Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
            Slackware 10.0:
            ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
            Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
            Slackware 10.1:
            ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
            Slackware libtiff-3.8.2-i486-1_slack10.2.tgz
            Slackware 10.2:
            ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ libtiff-3.8.2-i486-1_slack10.2.tgz
            LibTIFF LibTIFF 3.7.2
            Debian libtiff-opengl_3.7.2-7_alpha.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_alpha.deb
            Debian libtiff-opengl_3.7.2-7_amd64.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_amd64.deb
            Debian libtiff-opengl_3.7.2-7_arm.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_arm.deb
            Debian libtiff-opengl_3.7.2-7_hppa.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_hppa.deb
            Debian libtiff-opengl_3.7.2-7_i386.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_i386.deb
            Debian libtiff-opengl_3.7.2-7_ia64.deb
            Debian GNU/Linux 3.1 alias sarge
            http://security.debian.org/pool/updates/main/t/tiff/li

    - 漏洞信息 (F49012)

    Ubuntu Security Notice 330-1 (PacketStormID:F49012)
    2006-08-17 00:00:00
    Ubuntu  security.ubuntu.com
    advisory,arbitrary
    linux,ubuntu
    CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
    [点击下载]

    Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.

    =========================================================== 
    Ubuntu Security Notice USN-330-1            August 02, 2006
    tiff vulnerabilities
    CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462,
    CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 5.04
    Ubuntu 5.10
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 5.04:
      libtiff4                                 3.6.1-5ubuntu0.6
    
    Ubuntu 5.10:
      libtiff4                                 3.7.3-1ubuntu1.5
    
    Ubuntu 6.06 LTS:
      libtiff4                                 3.7.4-1ubuntu3.2
    
    After a standard system upgrade you need to reboot your computer to
    effect the necessary changes.
    
    Details follow:
    
    Tavis Ormandy discovered that the TIFF library did not sufficiently
    check handled images for validity. By tricking an user or an automated
    system into processing a specially crafted TIFF image, an attacker
    could exploit these weaknesses to execute arbitrary code with the
    target application's privileges.
    
    This library is used in many client and server applications, thus you
    should reboot your computer after the upgrade to ensure that all
    running programs use the new version of the library.
    
    
    Updated packages for Ubuntu 5.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.6.diff.gz
          Size/MD5:    30691 49722c5266cd7abd26af4e2930806b9c
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.6.dsc
          Size/MD5:      681 7ad4b09fd3ae17ac3469befee5a0bdbe
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
          Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_amd64.deb
          Size/MD5:   172866 61bd186e530802e933781ec95ecc75a9
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_amd64.deb
          Size/MD5:   459690 585475d89d429435077cf76a1ea26137
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_amd64.deb
          Size/MD5:   113776 4780d38316de3537a1b55ba45f2fe735
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_i386.deb
          Size/MD5:   155968 389e7151c6cea9cee5c4a5f95a13b77d
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_i386.deb
          Size/MD5:   441462 cb6274340b13def24594a42a90b68251
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_i386.deb
          Size/MD5:   104694 16b136cb563918fd5cbea35772af378a
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_powerpc.deb
          Size/MD5:   188188 6749e48524a1dae0a6ff5d7e3a2de413
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_powerpc.deb
          Size/MD5:   464676 6074afb200b1b839eb612e195a9cdfa7
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_powerpc.deb
          Size/MD5:   115188 956c9014eb02b96505808da786ad5a76
    
    Updated packages for Ubuntu 5.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.5.diff.gz
          Size/MD5:    17432 462f974440018758467c211ae4287a38
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.5.dsc
          Size/MD5:      756 588e4e00764c879078155ea33e75ff09
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz
          Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_amd64.deb
          Size/MD5:    48612 4963d3463e3dc627d7587bddaa49141c
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_amd64.deb
          Size/MD5:   220048 34fbca2f7003642e99a2441ef83aabf7
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_amd64.deb
          Size/MD5:   282498 2b30fa42f5e443215af23faead443c9f
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_amd64.deb
          Size/MD5:   472892 1b3f3aa4f34d2afc75ecece36ff5af09
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_amd64.deb
          Size/MD5:    43448 e60c1e20c08710c65445587d7735a231
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_i386.deb
          Size/MD5:    48018 96eaa5eb44709bedeb613b9f1a22931a
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_i386.deb
          Size/MD5:   205062 5ed40e3a33a7d58775625f5da2971c32
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_i386.deb
          Size/MD5:   258994 4b0faa18540b8850ac5994dae4d814c3
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_i386.deb
          Size/MD5:   458804 347087a64d991f3379d826db0fac0599
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_i386.deb
          Size/MD5:    43464 8331d867bf64e79ee2ab8a639f30fc9d
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_powerpc.deb
          Size/MD5:    50334 0b0325a1c212e27821d0141c59ddc1fb
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_powerpc.deb
          Size/MD5:   239530 2478436b1ed5ddfdf18d077d5ec0212a
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_powerpc.deb
          Size/MD5:   287894 a0f95176643fb7126a967a61f106da73
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_powerpc.deb
          Size/MD5:   473162 8be329a8ad8961071e712404b659b42c
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_powerpc.deb
          Size/MD5:    45670 f0e946707c7eb7bb3ce56730e27ae76a
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_sparc.deb
          Size/MD5:    48610 64c7435b7ce23b66b3a90e15f575845a
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_sparc.deb
          Size/MD5:   210412 98e14a7b26a3d23a6416fa2b211ef1fe
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_sparc.deb
          Size/MD5:   271428 3ef34fd17abbc5d261f998b4808f9cf3
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_sparc.deb
          Size/MD5:   464560 9d13ba6ded259ff29456328901bb00a6
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_sparc.deb
          Size/MD5:    43362 56ee90c0206249bd10c8b10f2948747f
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.2.diff.gz
          Size/MD5:    19124 a1e98bba276f935aebd6ab7d2f757cf7
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.2.dsc
          Size/MD5:      758 be3125f609008aeef14df7c3cd35a349
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz
          Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_amd64.deb
          Size/MD5:    49640 036260cccaf5422219611f29e541b9a8
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_amd64.deb
          Size/MD5:   220568 b370e81168090a997cdeec22ba2772ca
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_amd64.deb
          Size/MD5:   282000 b1e1df69d96431d857f01e6efdf74b47
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_amd64.deb
          Size/MD5:   475234 01679bc8144b2cfc39f7e30817ebe895
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_amd64.deb
          Size/MD5:    44464 443d29a19341a9a3d8e8406543a0f879
    
      i386 architecture (x86 compatible Intel/AMD)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_i386.deb
          Size/MD5:    48972 1487f93c4ae0b7d89a2ec20fc1cf7751
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_i386.deb
          Size/MD5:   205728 a1c62563ff4f15720fe41dad46aa47c1
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_i386.deb
          Size/MD5:   258772 a01fc13c7120e0470deb17bb4416b9df
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_i386.deb
          Size/MD5:   461560 66f17cac2fa69165f799e57c12ee53cb
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_i386.deb
          Size/MD5:    44438 25fcb41c5c348031eae48bd5ff837c22
    
      powerpc architecture (Apple Macintosh G3/G4/G5)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_powerpc.deb
          Size/MD5:    51312 3fb7912024ac85a7c16f68d7f4064f27
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_powerpc.deb
          Size/MD5:   239548 e5f378e86f46be643fd358926e61fd1f
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_powerpc.deb
          Size/MD5:   287558 8d93e194d4ba4e63bdbe8d5e0242cfe3
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_powerpc.deb
          Size/MD5:   475648 7800d2741705bc25397094a5c8ee3148
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_powerpc.deb
          Size/MD5:    46672 bb4698013afd1f6c86785e8cc28e4a6f
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_sparc.deb
          Size/MD5:    49520 e13fa9d1515fe5bc78ffface31611484
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_sparc.deb
          Size/MD5:   208396 d925feff7ff15ed4411708266cb53d2b
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_sparc.deb
          Size/MD5:   269778 e08346a2f3bae86f419753f10350e617
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_sparc.deb
          Size/MD5:   466472 d3398c5e98ac9991550f3f3d0148025b
        http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_sparc.deb
          Size/MD5:    44386 47bf6769b8cb9a87372cd5f25fd88338
    
        

    - 漏洞信息 (F49010)

    Debian Linux Security Advisory 1137-1 (PacketStormID:F49010)
    2006-08-17 00:00:00
    Debian  debian.org
    advisory
    linux,debian
    CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
    [点击下载]

    Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1137-1                    security@debian.org
    http://www.debian.org/security/                             Martin Schulze
    August 2nd, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : tiff
    Vulnerability  : several
    Problem type   : local (remote)
    Debian-specific: no
    CVE IDs        : CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462
                     CVE-2006-3463 CVE-2006-3464 CVE-2006-3465
    
    Tavis Ormandy of the Google Security Team discovered several problems
    in the TIFF library.  The Common Vulnerabilities and Exposures project
    identifies the following issues:
    
    CVE-2006-3459
    
        Several stack-buffer overflows have been discovered.
    
    CVE-2006-3460
    
        A heap overflow vulnerability in the JPEG decoder may overrun a
        buffer with more data than expected.
    
    CVE-2006-3461
    
        A heap overflow vulnerability in the PixarLog decoder may allow an
        attacker to execute arbitrary code.
    
    CVE-2006-3462
    
        A heap overflow vulnerability has been discovered in the NeXT RLE
        decoder.
    
    CVE-2006-3463
    
        An loop was discovered where a 16bit unsigned short was used to
        iterate over a 32bit unsigned value so that the loop would never
        terminate and continue forever.
    
    CVE-2006-3464
    
        Multiple unchecked arithmetic operations were uncovered, including
        a number of the range checking operations designed to ensure the
        offsets specified in TIFF directories are legitimate.
    
    CVE-2006-3465
    
        A flaw was also uncovered in libtiffs custom tag support which may
        result in abnormal behaviour, crashes, or potentially arbitrary
        code execution.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 3.7.2-7.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 3.8.2-6.
    
    We recommend that you upgrade your libtiff packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc
          Size/MD5 checksum:      736 ce0ffb8cdd1130153deaefa8b59abe81
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz
          Size/MD5 checksum:    17174 ff485016221ededfc8ce649538322211
        http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
          Size/MD5 checksum:  1252995 221679f6d5c15670b3c242cbfff79a00
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb
          Size/MD5 checksum:    47112 a4f7feea087ba03a84f745ee79a7ff56
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb
          Size/MD5 checksum:   243840 f7abb618f36082be959f6e3c9a99cf8f
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb
          Size/MD5 checksum:   479064 c137c6857ed320928f182115fbd94b21
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb
          Size/MD5 checksum:   311206 c202ef6404c23ea7dc999c03e586c07f
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb
          Size/MD5 checksum:    41228 53c5979e8c2556e5a19607c19e862368
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb
          Size/MD5 checksum:    46036 bc6d0c7db57a1dcae4b8dd65b4640243
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb
          Size/MD5 checksum:   218060 d09ef1de8b31f074d2f05c7522858cf1
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb
          Size/MD5 checksum:   459964 8be097d74ac788d87a8358b8f9e68d79
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb
          Size/MD5 checksum:   267872 cc0a4241cd53de29b561286fcd91cf2c
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb
          Size/MD5 checksum:    40804 136bc49ad0c85dc6fa9f61242cf97c05
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb
          Size/MD5 checksum:    45536 0253b94c6f94a33c9942568f9093fedd
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb
          Size/MD5 checksum:   208630 45e2ef6af43bfbddb4aee00b659d287a
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb
          Size/MD5 checksum:   454194 354e1b4560b4a407c4b4faf5d2555b20
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb
          Size/MD5 checksum:   266148 f535b441d81a7786815d954c843b9c81
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb
          Size/MD5 checksum:    40304 fcd0980c8fc2dedaa8a6380e0d4736bd
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb
          Size/MD5 checksum:    45400 e51d8f157a2ef94cbc4e893f756be29a
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb
          Size/MD5 checksum:   206412 69a3c66b2c9733653e6e7f667ab260b3
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb
          Size/MD5 checksum:   453078 267f8f361f0dc87f40c8bc37d4785f57
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb
          Size/MD5 checksum:   252412 5720af1515d6c9ce04f0e7abea045955
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb
          Size/MD5 checksum:    40850 18710ba8ae073bd5a6e7b3c299cbae23
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb
          Size/MD5 checksum:    48512 c57280d747f62859c4477a0f1dcbcfef
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb
          Size/MD5 checksum:   269156 277ad4a79cd2148991134c6ed8c029fe
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb
          Size/MD5 checksum:   511782 4b64fd28c917e7e2e158c7244cfc892d
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb
          Size/MD5 checksum:   331790 614a46318d671800caab21e26df9c1bf
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb
          Size/MD5 checksum:    42450 af80a3234e174d9f15bbb4e68d2b558f
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb
          Size/MD5 checksum:    46846 e863b11db8f25a221776ea306eeb1539
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb
          Size/MD5 checksum:   230316 9ccb777cf49096a2dabf144de609b83c
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb
          Size/MD5 checksum:   473764 6938692095c40fba1f5feca1efd243a8
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb
          Size/MD5 checksum:   282648 68ffb8ebaac2404aa1f9a709e83abfc6
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb
          Size/MD5 checksum:    41476 4327a6e2887ab7d5bb69d0476186d69e
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb
          Size/MD5 checksum:    45408 e33d428b54a5776181803c28475e2a30
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb
          Size/MD5 checksum:   193578 d7f3db57205002a50354df9cc1e74767
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb
          Size/MD5 checksum:   443280 2e982f2b17745777ff6e249f627b1b4c
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb
          Size/MD5 checksum:   235056 c362aaa8589f44a3dc533143c37fd16b
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb
          Size/MD5 checksum:    40450 279a59887fd7a90b9d92415a07fe87f1
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb
          Size/MD5 checksum:    46300 c26b165f7098aa083170b90c8002406e
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb
          Size/MD5 checksum:   252404 77b6d4382ee49bab1d3b94ea69d3bd88
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb
          Size/MD5 checksum:   459088 34e8d02f8bac8bc4b059bc36109dda66
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb
          Size/MD5 checksum:   281156 c2bf726c93de2c1ce1cb289d65fec892
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb
          Size/MD5 checksum:    41086 85b8389df1df050f12fd87488ab46c02
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb
          Size/MD5 checksum:    46256 8a1cc8fbd9e7679f2ec722f46a300fe1
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb
          Size/MD5 checksum:   252820 876a24a6b4b49d19eb2d425f7271528e
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb
          Size/MD5 checksum:   459392 f1d09bb13a31f8ec73922f50d538b073
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb
          Size/MD5 checksum:   280986 eff50ab58f511148d9d56ecbbc02c162
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb
          Size/MD5 checksum:    41066 7490a101b2de00f6f458359f64b05daa
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb
          Size/MD5 checksum:    47462 3eaaac85e15b48dd1add1fb314de9b74
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb
          Size/MD5 checksum:   235624 2d13e7c1769aab6d8a051817009d10ca
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb
          Size/MD5 checksum:   461300 94dddf225b2130da2daca1ec54b2c0b0
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb
          Size/MD5 checksum:   272868 0517f72923504549f4acf0fab1e1924f
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb
          Size/MD5 checksum:    42658 9dd0f68f37713263bc9a729d7216b35f
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb
          Size/MD5 checksum:    46422 039bfe0dde0063b276a57c1414a6d9ca
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb
          Size/MD5 checksum:   214056 b87d71aa653f45726d3b4ecd60b226b3
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb
          Size/MD5 checksum:   466474 6b6e2dd8152760e65d2af459deac62fc
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb
          Size/MD5 checksum:   267648 fc8d5662348991874f47953f20102b38
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb
          Size/MD5 checksum:    41078 090b4edea314fadf183bb31fd891be34
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb
          Size/MD5 checksum:    45706 955588f87bf3796b962c6f18ad5ecbb3
        http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb
          Size/MD5 checksum:   205502 710eb39e993e988dcc1abc5cefd2f559
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb
          Size/MD5 checksum:   455492 76e4acd2000175c52d60f6b6f53aaa25
        http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb
          Size/MD5 checksum:   258764 c33aacda7a8162ff5ba7fd9399e347a6
        http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb
          Size/MD5 checksum:    40806 cefaef4ab3ed03fdeeec97a40081721f
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (GNU/Linux)
    
    iD8DBQFE0O68W5ql+IAeqTIRAu2CAKCen9woCeYUfmTgqnDcigV2qzkpewCfaiz6
    UuRcpsNysRI+l/oPURUKGZ0=
    =cFlc
    -----END PGP SIGNATURE-----
    
        

    - 漏洞信息 (F48991)

    Mandriva Linux Security Advisory 2006.137 (PacketStormID:F48991)
    2006-08-17 00:00:00
    Mandriva  mandriva.com
    advisory,vulnerability
    linux,mandriva
    CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
    [点击下载]

    Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
     _______________________________________________________________________
     
     Mandriva Linux Security Advisory                         MDKSA-2006:137
     http://www.mandriva.com/security/
     _______________________________________________________________________
     
     Package : libtiff
     Date    : August 1, 2006
     Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
     _______________________________________________________________________
     
     Problem Description:
     
     Tavis Ormandy, Google Security Team, discovered several vulnerabilites
     the libtiff image processing library:
     
     Several buffer overflows have been discovered, including a stack
     buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
     used to read two unsigned shorts from the input file. While a bounds
     check is performed via CheckDirCount(), no action is taken on the
     result allowing a pathological tdir_count to read an arbitrary number
     of unsigned shorts onto a stack buffer. (CVE-2006-3459) 
     
     A heap overflow vulnerability was discovered in the jpeg decoder,
     where TIFFScanLineSize() is  documented to return the size in bytes
     that a subsequent call to TIFFReadScanline() would write, however the
     encoded jpeg stream may disagree with these results and overrun the
     buffer with more data than expected. (CVE-2006-3460)
     
     Another heap overflow exists in the PixarLog decoder where a run
     length encoded data stream may specify a stride that is not an exact
     multiple of the number of samples. The result is that on the final
     decode operation the destination buffer is overrun, potentially
     allowing an attacker to execute arbitrary code. (CVE-2006-3461)
     
     The NeXT RLE decoder was also vulnerable to a heap overflow
     vulnerability, where no bounds checking was performed on the result of
     certain RLE decoding operations. This was solved by ensuring the
     number of pixels written did not exceed the size of the scanline
     buffer already prepared. (CVE-2006-3462)
     
     An infinite loop was discovered in EstimateStripByteCounts(), where a
     16bit unsigned short was used to iterate over a 32bit unsigned value,
     should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the
     loop would never terminate and continue forever. (CVE-2006-3463)
     
     Multiple unchecked arithmetic operations were uncovered, including a
     number of the range checking operations deisgned to ensure the offsets
     specified in tiff directories are legitimate. These  can be caused to
     wrap for extreme values, bypassing sanity checks. Additionally, a
     number of codepaths were uncovered where assertions did not hold true,
     resulting in the client application calling abort(). (CVE-2006-3464)
     
     A flaw was also uncovered in libtiffs custom tag support, as
     documented here http://www.libtiff.org/v3.6.0.html. While well formed
     tiff files must have correctly ordered directories, libtiff attempts
     to support broken images that do not. However in certain
     circumstances, creating anonymous fields prior to merging field
     information from codec information can result in recognised fields
     with unexpected values. This state results in abnormal behaviour,
     crashes, or potentially arbitrary code execution. (CVE-2006-3465)
     
     The updated packages have been patched to correct these issues.
     _______________________________________________________________________
    
     References:
     
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
     _______________________________________________________________________
     
     Updated Packages:
     
     Mandriva Linux 2006.0:
     c0173eb2f2d497fce68b863a6d01433e  2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
     55369714ae92ea654507f33944285322  2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
     8303a2a5f5b98d0fe984c4f62a8849e7  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
     898dbc11589b623cba53d4e0dea4ec6e  2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.i586.rpm
     1f77f216c421961825035b17e2fc3d0f  2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm
    
     Mandriva Linux 2006.0/X86_64:
     67217a6617c35cfa110b9199ce827c7f  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.6.20060mdk.x86_64.rpm
     b5ea6efd7fcb1db40c69457de4d90980  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.6.20060mdk.x86_64.rpm
     673437e87cd25febee28993cd3c9488d  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.6.20060mdk.x86_64.rpm
     c0173eb2f2d497fce68b863a6d01433e  x86_64/2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
     55369714ae92ea654507f33944285322  x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
     8303a2a5f5b98d0fe984c4f62a8849e7  x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
     c3a7a68b6fef5f74240a6f526412d216  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.x86_64.rpm
     1f77f216c421961825035b17e2fc3d0f  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm
    
     Corporate 3.0:
     7ed65170763bdbb2db2c73a0e6d21dc5  corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
     c4fd193c4ac3c199f98751b615f7f5ad  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.12.C30mdk.i586.rpm
     2d4920c58d576d4174358a62eb533acd  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.12.C30mdk.i586.rpm
     aa07135a25873d7265dfb1a4ac1fd365  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.i586.rpm
     8c70315b6e8fcbfeb56abaf9df8fef52  corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm
    
     Corporate 3.0/X86_64:
     c48326e5749da37145fe7744b2ec7da7  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.12.C30mdk.x86_64.rpm
     d5a2fa2ad3de5d7a77332920eea6ccb2  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.12.C30mdk.x86_64.rpm
     3582b0f21935141f83bb83787ce6537a  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.12.C30mdk.x86_64.rpm
     7ed65170763bdbb2db2c73a0e6d21dc5  x86_64/corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
     b8de80aaa29a62815ef364357c319d95  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.x86_64.rpm
     8c70315b6e8fcbfeb56abaf9df8fef52  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm
    
     Multi Network Firewall 2.0:
     8cc2951ca065dced86d900d2713f7755  mnf/2.0/RPMS/libtiff3-3.5.7-11.12.M20mdk.i586.rpm
     20c7813342fc7964cfc3f35465232ade  mnf/2.0/SRPMS/libtiff-3.5.7-11.12.M20mdk.src.rpm
     _______________________________________________________________________
    
     To upgrade automatically use MandrivaUpdate or urpmi.  The verification
     of md5 checksums and GPG signatures is performed automatically for you.
    
     All packages are signed by Mandriva for security.  You can obtain the
     GPG public key of the Mandriva Security Team by executing:
    
      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
    
     You can view other update advisories for Mandriva Linux at:
    
      http://www.mandriva.com/security/advisories
    
     If you want to report vulnerabilities, please contact
    
      security_(at)_mandriva.com
     _______________________________________________________________________
    
     Type Bits/KeyID     Date       User ID
     pub  1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2.2 (GNU/Linux)
    
    iD8DBQFEz4TtmqjQ0CJFipgRAjTYAJ9tZ6Kqz9K0x3vYAWL8PHtli0+rTgCeN5m8
    +R9B81Ti9uezqZlT1CNf3o8=
    =TKF2
    -----END PGP SIGNATURE-----
    
        

    - 漏洞信息 (F48990)

    Mandriva Linux Security Advisory 2006.136 (PacketStormID:F48990)
    2006-08-17 00:00:00
    Mandriva  mandriva.com
    advisory,vulnerability
    linux,mandriva
    CVE-2006-3459,CVE-2006-3460,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464
    [点击下载]

    Mandriva Linux Security Advisory MDKSA-2006-136 - Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library. Older versions of kdegraphics use an embedded copy of the libtiff code.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
     _______________________________________________________________________
     
     Mandriva Linux Security Advisory                         MDKSA-2006:136
     http://www.mandriva.com/security/
     _______________________________________________________________________
     
     Package : kdegraphics
     Date    : August 1, 2006
     Affected: Corporate 3.0
     _______________________________________________________________________
     
     Problem Description:
     
     Tavis Ormandy, Google Security Team, discovered several vulnerabilites
     the libtiff image processing library. Older versions of kdegraphics use
     an embedded copy of the libtiff code, with possibly the same
     vulnerabilities:
     
     Several buffer overflows have been discovered, including a stack
     buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
     used to read two unsigned shorts from the input file. While a bounds
     check is performed via CheckDirCount(), no action is taken on the
     result allowing a pathological tdir_count to read an arbitrary number
     of unsigned shorts onto a stack buffer. (CVE-2006-3459) 
     
     A heap overflow vulnerability was discovered in the jpeg decoder,
     where TIFFScanLineSize() is  documented to return the size in bytes
     that a subsequent call to TIFFReadScanline() would write, however the
     encoded jpeg stream may disagree with these results and overrun the
     buffer with more data than expected. (CVE-2006-3460)
     
     The NeXT RLE decoder was also vulnerable to a heap overflow
     vulnerability, where no bounds checking was performed on the result of
     certain RLE decoding operations. This was solved by ensuring the
     number of pixels written did not exceed the size of the scanline
     buffer already prepared. (CVE-2006-3462)
     
     An infinite loop was discovered in EstimateStripByteCounts(), where a
     16bit unsigned short was used to iterate over a 32bit unsigned value,
     should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the
     loop would never terminate and continue forever. (CVE-2006-3463)
     
     Multiple unchecked arithmetic operations were uncovered, including a
     number of the range checking operations deisgned to ensure the offsets
     specified in tiff directories are legitimate. These  can be caused to
     wrap for extreme values, bypassing sanity checks. Additionally, a
     number of codepaths were uncovered where assertions did not hold true,
     resulting in the client application calling abort(). (CVE-2006-3464)
     
     The updated packages have been patched to correct these issues.
     _______________________________________________________________________
    
     References:
     
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
     _______________________________________________________________________
     
     Updated Packages:
     
     Corporate 3.0:
     ffe82a8c94848359195a701299aa19b1  corporate/3.0/RPMS/kdegraphics-3.2-15.12.C30mdk.i586.rpm
     4e8f11ba3a0c99c69c128e106e87054b  corporate/3.0/RPMS/kdegraphics-common-3.2-15.12.C30mdk.i586.rpm
     50eb22c5dd901bc8fa21b555ba95b50b  corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.12.C30mdk.i586.rpm
     49e8afb51a0bf84832efe7ad612e2f68  corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.12.C30mdk.i586.rpm
     7887720f05d3a9a45b849aa372aaf727  corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.12.C30mdk.i586.rpm
     0f2eba3232a585463cb5adaba611e8d9  corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.12.C30mdk.i586.rpm
     0e590ee1edf76c6a8cec5e87f0d6d3ad  corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.12.C30mdk.i586.rpm
     c3b8af17de250652eb59fe9824500847  corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.12.C30mdk.i586.rpm
     a42c4b132192b823c8e0d516c2c59ea5  corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.12.C30mdk.i586.rpm
     78d76cf40472248ae81e296bfb0688f7  corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.12.C30mdk.i586.rpm
     8775439408ddd984d92721cec5c450c0  corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.12.C30mdk.i586.rpm
     324e0c5054f677229884cd940193e8cb  corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.12.C30mdk.i586.rpm
     7d4c56e5f329fa4aaff59a68340ab1c4  corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.12.C30mdk.i586.rpm
     7fd0b572f5f14217d6351a2541e00eba  corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.12.C30mdk.i586.rpm
     539a8dbb1b3541eb91766ec6723eb5f5  corporate/3.0/RPMS/kdegraphics-kview-3.2-15.12.C30mdk.i586.rpm
     35697d28e45aa111345ac4dcdf74cfb9  corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.12.C30mdk.i586.rpm
     3ffbe6daaf39f4cf7d82361ce5c98775  corporate/3.0/RPMS/libkdegraphics0-common-3.2-15.12.C30mdk.i586.rpm
     8e1a27553501fa692fe636e4b47e6e4a  corporate/3.0/RPMS/libkdegraphics0-common-devel-3.2-15.12.C30mdk.i586.rpm
     07c85d488505f6a1d2b76ca471f44df2  corporate/3.0/RPMS/libkdegraphics0-kooka-3.2-15.12.C30mdk.i586.rpm
     cb66d0274660cd8ae83011c81549817a  corporate/3.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.12.C30mdk.i586.rpm
     e7ebdfdb1f7de60a67c12d12fb707391  corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.12.C30mdk.i586.rpm
     4097d61133e196d5befdb27416d2852b  corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.12.C30mdk.i586.rpm
     2bebf0ea38c518bdf949ce5ccb5f6fee  corporate/3.0/RPMS/libkdegraphics0-ksvg-3.2-15.12.C30mdk.i586.rpm
     055a6c51d85eaf06a41a1ff58b05d60f  corporate/3.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.12.C30mdk.i586.rpm
     57d301f6fd18ab065b8ff0ef03d1ce1a  corporate/3.0/RPMS/libkdegraphics0-kuickshow-3.2-15.12.C30mdk.i586.rpm
     d951ff658d420ba1d02903af2741ee1e  corporate/3.0/RPMS/libkdegraphics0-kview-3.2-15.12.C30mdk.i586.rpm
     9affc4cf4a576b53ce6115597b934b07  corporate/3.0/RPMS/libkdegraphics0-kview-devel-3.2-15.12.C30mdk.i586.rpm
     3f82bebd036a81c07910a92a41cf67f2  corporate/3.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.12.C30mdk.i586.rpm
     7da97a6a01cc1ee884b57a63f532ae6e  corporate/3.0/SRPMS/kdegraphics-3.2-15.12.C30mdk.src.rpm
    
     Corporate 3.0/X86_64:
     9aea4a7d7363002d86d3e5bf4a3f989c  x86_64/corporate/3.0/RPMS/kdegraphics-3.2-15.12.C30mdk.x86_64.rpm
     2ae89f69ce9a016fb8c4d0e3e36d43be  x86_64/corporate/3.0/RPMS/kdegraphics-common-3.2-15.12.C30mdk.x86_64.rpm
     d8195cf7e7848a81f3de13385f98d12a  x86_64/corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.12.C30mdk.x86_64.rpm
     316c9ce7fcc39e4fddd1bbabd1f14caf  x86_64/corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.12.C30mdk.x86_64.rpm
     c9d4aff70f034a34bc45f3e4898ce1c3  x86_64/corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.12.C30mdk.x86_64.rpm
     8851cd0f9265ba9a74eeee6f9f260d08  x86_64/corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.12.C30mdk.x86_64.rpm
     482a85cdee1f349f37d5260ef61c4e45  x86_64/corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.12.C30mdk.x86_64.rpm
     6d877b1991d4b033fe65b1959f5cc83f  x86_64/corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.12.C30mdk.x86_64.rpm
     5695710f2da2f7e4932cec14affcd227  x86_64/corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.12.C30mdk.x86_64.rpm
     abbf166e5edf694b11507c488fdd7bd9  x86_64/corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.12.C30mdk.x86_64.rpm
     9792b16c83ff79618a53ef75ce17ab2d  x86_64/corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.12.C30mdk.x86_64.rpm
     7304c418876d04f729771c013356b29f  x86_64/corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.12.C30mdk.x86_64.rpm
     d71200dbae7ee507efe8b524d1d0ea90  x86_64/corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.12.C30mdk.x86_64.rpm
     9ccf9a90d87a2deda26d624bc956219f  x86_64/corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.12.C30mdk.x86_64.rpm
     6089e2fd15c38a71e49ad7a396cbb987  x86_64/corporate/3.0/RPMS/kdegraphics-kview-3.2-15.12.C30mdk.x86_64.rpm
     797f03c1792a9a8d1ef1f19a69d3a344  x86_64/corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.12.C30mdk.x86_64.rpm
     6bee61c89fcd6e95f49db89f36eb1541  x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-3.2-15.12.C30mdk.x86_64.rpm
     06f97ba7f3ab4a14f4dc6ee60113741e  x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.12.C30mdk.x86_64.rpm
     7e6c67ba4e81a922e5201d8dcb2ef742  x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-3.2-15.12.C30mdk.x86_64.rpm
     566c9e310a35f17f25ebe5939deb515b  x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.12.C30mdk.x86_64.rpm
     b8a16808b64873d4cdbdba01632c358f  x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.12.C30mdk.x86_64.rpm
     64/PMS d8d-3.deg.0/RPMS/kpo3a35f17f25eb.2-987/li792dk.4kdegrapbG6_64.rpm
     645egr5d5hic15.del20f762d2c9bdrporate 3.0/X86_64:
     9aea4a7d8d-3.deg.0/RPMS/kpo524d1d0ea90  x86_64/corporate/3.0hica91pov2c 
     U89bc2l-3d45s-3532.C30mdk.x86_64.rpm
     64/PMS d8d-3.deg.0/RPMS/kpo1a1ff58b05d60f  corporate/3/3.0/RPMS/lib33.0291nt-a8    .2-48dhic0ccaa.12.C30mdk.i586.rpm
     b8de80aaa293.deg.0/RPMS/kpo24bc956219f  x86_64/corporate/3.0/RPMS1lib42l-3daafarap19/kd3606devee612.C30mdk.i586.rpm
     b8de80aaa293.deg.0/RPMS/kpo7a396cbb987  x86_64/corporate/3.0/Rp1945bel22-7_4raphd66el-eab115.12.C30mdk.i586.rpm
     b8de80aaa293.deg.0/RPMS/kpo7a396f58b05d60f  corporate/3/3.0/RPMS/li804b8effMS/a2-157bbg-3d4mod-3.02.C30mdk.x86_64.rpm
     6bee61c89fcd6e95f49db89f36f19a69d3a344  x86_64/corporate/3.0/RPMS/bkdegraphics0-mrmlsearch-3.2-15.1230mdk.x86_64.rpm
     8c70315b6a97a6a01cc1ee884b57a63f532ae6e  corpoe  mnf/2.0/SRPMS/libtiff-3.5.7-11.12.M20mdk.src.rpm
     _______________________________________________________________________
    
     To upgrade automatically use MandrivaUpdate or urpmi.  The verification
     of md5 checksums and GPG signatures is performed automatically for you.
    
     All packages are signed by Mandriva for security.  You can obtain the
     GPG public key of the Mandriva Security Team by executing:
    
      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
    
     You can view other update advisories for Mandriva Linux at:
    
      http://www.mandriva.com/security/advisories
    
     If you want to report vulnerabilities, please contact
    
      security_(at)_mandriva.com
     _______________________________________________________________________
    
     Type Bits/KeyID     Date       User ID
     pub  1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>
    -----BEGIN PGP SIGNATURE-SQ--
    Version: GtmDAJoC2SbJFPu2EYZYfxoZD+6+6jytlwCcCsGs
    61Tnsza/Jz0VjAoTVBTjnhA=
    =qGgEYAWL8PHtli0+rTgCeN5m8
    +R9B81Ti9uezqZlT1CNf3o8=
    =TKF2
    -----END PGP SIGNATURE-----
    
        

    - 漏88"信息 (F48990)

    SUSE-el> 044torm remote,ormal behaviou件标签: advisory,vulnerability s___ linux,mandriva SUSE___________/stablethe SUSE-el:nux S044
    漏88 (PacketStormID:F48990)
    2006-08-17 00:00:00
    mandriva.com
    CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
    044tormsecurity.com/files/download/48990/MDKSA-2006-136.txt">[点击下载]
    -
    
    tr td /tr>
     {
    --00:00: 80px;
    --float: left;
    --font-weight: bold;
    -}>
    
    
    

    - osvdb0"> ______ 2006-08-17 col90')="2td> OSVDBID

    公告
  • Younia__________uri
  • Rel_____OSVDB_uri c9562losvdb/27723
  • VendlrwSheckinc__________URLi ftd> 166t, a
  • O --ke_________URLi -------g/de .s___/labed3a3ive/4___-4D/22458- dstable/ -Aug/0001t, as&m=slackwaso-4D/22458.53660/es/dlbr/s -------sunesult.s_nsories d3a3cein the .do?onaltkey=1-2 103099-1 :137
  • VendlrwSheckinc_News/Chratilog E48__:i ----s---bugrdgF48oobin/c9562_bug=CVE--
  • RedHat RHSAi -------rhn.redhat/labeerrata/RHSA> 0603t, as :0648om/s /li> 发布日期:

    - uraor0"> ______ 2006-08-17 col90')="2tdUnkn t---In----let_

  • (PacketStormID:F48990)