发布时间 :2006-08-02 21:04:00
修订时间 :2017-10-10 21:31:03

[原文]Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.



- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9067Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of...

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  SGI  20060801-01-P
(UNKNOWN)  SGI  20060901-01-P
(UNKNOWN)  TRUSTIX  2006-0044
(UNKNOWN)  BID  19287
(UNKNOWN)  BID  19289
(UNKNOWN)  VUPEN  ADV-2006-3101
(UNKNOWN)  VUPEN  ADV-2006-3105
(UNKNOWN)  VUPEN  ADV-2007-4034

- 漏洞信息

高危 其他
2006-08-02 00:00:00 2006-08-26 00:00:00

- 公告与补丁

        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg
        RedHat Fedora Core1
        Fedora tcpdump-3.7.2-7.fc1.1.i386.rpm /tcpdump-3.7.2-7.fc1.1.i386.rpm
        Fedora tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm /debug/tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm

- 漏洞信息 (F49012)

Ubuntu Security Notice 330-1 (PacketStormID:F49012)
2006-08-17 00:00:00

Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.

Ubuntu Security Notice USN-330-1            August 02, 2006
tiff vulnerabilities
CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462,
CVE-2006-3463, CVE-2006-3464, CVE-2006-3465

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libtiff4                                 3.6.1-5ubuntu0.6

Ubuntu 5.10:
  libtiff4                                 3.7.3-1ubuntu1.5

Ubuntu 6.06 LTS:
  libtiff4                                 3.7.4-1ubuntu3.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.

This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.

Updated packages for Ubuntu 5.04:

  Source archives:
      Size/MD5:    30691 49722c5266cd7abd26af4e2930806b9c
      Size/MD5:      681 7ad4b09fd3ae17ac3469befee5a0bdbe
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   172866 61bd186e530802e933781ec95ecc75a9
      Size/MD5:   459690 585475d89d429435077cf76a1ea26137
      Size/MD5:   113776 4780d38316de3537a1b55ba45f2fe735

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   155968 389e7151c6cea9cee5c4a5f95a13b77d
      Size/MD5:   441462 cb6274340b13def24594a42a90b68251
      Size/MD5:   104694 16b136cb563918fd5cbea35772af378a

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   188188 6749e48524a1dae0a6ff5d7e3a2de413
      Size/MD5:   464676 6074afb200b1b839eb612e195a9cdfa7
      Size/MD5:   115188 956c9014eb02b96505808da786ad5a76

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:    17432 462f974440018758467c211ae4287a38
      Size/MD5:      756 588e4e00764c879078155ea33e75ff09
      Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    48612 4963d3463e3dc627d7587bddaa49141c
      Size/MD5:   220048 34fbca2f7003642e99a2441ef83aabf7
      Size/MD5:   282498 2b30fa42f5e443215af23faead443c9f
      Size/MD5:   472892 1b3f3aa4f34d2afc75ecece36ff5af09
      Size/MD5:    43448 e60c1e20c08710c65445587d7735a231

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    48018 96eaa5eb44709bedeb613b9f1a22931a
      Size/MD5:   205062 5ed40e3a33a7d58775625f5da2971c32
      Size/MD5:   258994 4b0faa18540b8850ac5994dae4d814c3
      Size/MD5:   458804 347087a64d991f3379d826db0fac0599
      Size/MD5:    43464 8331d867bf64e79ee2ab8a639f30fc9d

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    50334 0b0325a1c212e27821d0141c59ddc1fb
      Size/MD5:   239530 2478436b1ed5ddfdf18d077d5ec0212a
      Size/MD5:   287894 a0f95176643fb7126a967a61f106da73
      Size/MD5:   473162 8be329a8ad8961071e712404b659b42c
      Size/MD5:    45670 f0e946707c7eb7bb3ce56730e27ae76a

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    48610 64c7435b7ce23b66b3a90e15f575845a
      Size/MD5:   210412 98e14a7b26a3d23a6416fa2b211ef1fe
      Size/MD5:   271428 3ef34fd17abbc5d261f998b4808f9cf3
      Size/MD5:   464560 9d13ba6ded259ff29456328901bb00a6
      Size/MD5:    43362 56ee90c0206249bd10c8b10f2948747f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    19124 a1e98bba276f935aebd6ab7d2f757cf7
      Size/MD5:      758 be3125f609008aeef14df7c3cd35a349
      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:    49640 036260cccaf5422219611f29e541b9a8
      Size/MD5:   220568 b370e81168090a997cdeec22ba2772ca
      Size/MD5:   282000 b1e1df69d96431d857f01e6efdf74b47
      Size/MD5:   475234 01679bc8144b2cfc39f7e30817ebe895
      Size/MD5:    44464 443d29a19341a9a3d8e8406543a0f879

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:    48972 1487f93c4ae0b7d89a2ec20fc1cf7751
      Size/MD5:   205728 a1c62563ff4f15720fe41dad46aa47c1
      Size/MD5:   258772 a01fc13c7120e0470deb17bb4416b9df
      Size/MD5:   461560 66f17cac2fa69165f799e57c12ee53cb
      Size/MD5:    44438 25fcb41c5c348031eae48bd5ff837c22

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:    51312 3fb7912024ac85a7c16f68d7f4064f27
      Size/MD5:   239548 e5f378e86f46be643fd358926e61fd1f
      Size/MD5:   287558 8d93e194d4ba4e63bdbe8d5e0242cfe3
      Size/MD5:   475648 7800d2741705bc25397094a5c8ee3148
      Size/MD5:    46672 bb4698013afd1f6c86785e8cc28e4a6f

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:    49520 e13fa9d1515fe5bc78ffface31611484
      Size/MD5:   208396 d925feff7ff15ed4411708266cb53d2b
      Size/MD5:   269778 e08346a2f3bae86f419753f10350e617
      Size/MD5:   466472 d3398c5e98ac9991550f3f3d0148025b
      Size/MD5:    44386 47bf6769b8cb9a87372cd5f25fd88338


- 漏洞信息 (F49010)

Debian Linux Security Advisory 1137-1 (PacketStormID:F49010)
2006-08-17 00:00:00

Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1137-1                                       Martin Schulze
August 2nd, 2006              
- --------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE IDs        : CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462
                 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465

Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library.  The Common Vulnerabilities and Exposures project
identifies the following issues:


    Several stack-buffer overflows have been discovered.


    A heap overflow vulnerability in the JPEG decoder may overrun a
    buffer with more data than expected.


    A heap overflow vulnerability in the PixarLog decoder may allow an
    attacker to execute arbitrary code.


    A heap overflow vulnerability has been discovered in the NeXT RLE


    An loop was discovered where a 16bit unsigned short was used to
    iterate over a 32bit unsigned value so that the loop would never
    terminate and continue forever.


    Multiple unchecked arithmetic operations were uncovered, including
    a number of the range checking operations designed to ensure the
    offsets specified in TIFF directories are legitimate.


    A flaw was also uncovered in libtiffs custom tag support which may
    result in abnormal behaviour, crashes, or potentially arbitrary
    code execution.

For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-7.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.2-6.

We recommend that you upgrade your libtiff packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      736 ce0ffb8cdd1130153deaefa8b59abe81
      Size/MD5 checksum:    17174 ff485016221ededfc8ce649538322211
      Size/MD5 checksum:  1252995 221679f6d5c15670b3c242cbfff79a00

  Alpha architecture:
      Size/MD5 checksum:    47112 a4f7feea087ba03a84f745ee79a7ff56
      Size/MD5 checksum:   243840 f7abb618f36082be959f6e3c9a99cf8f
      Size/MD5 checksum:   479064 c137c6857ed320928f182115fbd94b21
      Size/MD5 checksum:   311206 c202ef6404c23ea7dc999c03e586c07f
      Size/MD5 checksum:    41228 53c5979e8c2556e5a19607c19e862368

  AMD64 architecture:
      Size/MD5 checksum:    46036 bc6d0c7db57a1dcae4b8dd65b4640243
      Size/MD5 checksum:   218060 d09ef1de8b31f074d2f05c7522858cf1
      Size/MD5 checksum:   459964 8be097d74ac788d87a8358b8f9e68d79
      Size/MD5 checksum:   267872 cc0a4241cd53de29b561286fcd91cf2c
      Size/MD5 checksum:    40804 136bc49ad0c85dc6fa9f61242cf97c05

  ARM architecture:
      Size/MD5 checksum:    45536 0253b94c6f94a33c9942568f9093fedd
      Size/MD5 checksum:   208630 45e2ef6af43bfbddb4aee00b659d287a
      Size/MD5 checksum:   454194 354e1b4560b4a407c4b4faf5d2555b20
      Size/MD5 checksum:   266148 f535b441d81a7786815d954c843b9c81
      Size/MD5 checksum:    40304 fcd0980c8fc2dedaa8a6380e0d4736bd

  Intel IA-32 architecture:
      Size/MD5 checksum:    45400 e51d8f157a2ef94cbc4e893f756be29a
      Size/MD5 checksum:   206412 69a3c66b2c9733653e6e7f667ab260b3
      Size/MD5 checksum:   453078 267f8f361f0dc87f40c8bc37d4785f57
      Size/MD5 checksum:   252412 5720af1515d6c9ce04f0e7abea045955
      Size/MD5 checksum:    40850 18710ba8ae073bd5a6e7b3c299cbae23

  Intel IA-64 architecture:
      Size/MD5 checksum:    48512 c57280d747f62859c4477a0f1dcbcfef
      Size/MD5 checksum:   269156 277ad4a79cd2148991134c6ed8c029fe
      Size/MD5 checksum:   511782 4b64fd28c917e7e2e158c7244cfc892d
      Size/MD5 checksum:   331790 614a46318d671800caab21e26df9c1bf
      Size/MD5 checksum:    42450 af80a3234e174d9f15bbb4e68d2b558f

  HP Precision architecture:
      Size/MD5 checksum:    46846 e863b11db8f25a221776ea306eeb1539
      Size/MD5 checksum:   230316 9ccb777cf49096a2dabf144de609b83c
      Size/MD5 checksum:   473764 6938692095c40fba1f5feca1efd243a8
      Size/MD5 checksum:   282648 68ffb8ebaac2404aa1f9a709e83abfc6
      Size/MD5 checksum:    41476 4327a6e2887ab7d5bb69d0476186d69e

  Motorola 680x0 architecture:
      Size/MD5 checksum:    45408 e33d428b54a5776181803c28475e2a30
      Size/MD5 checksum:   193578 d7f3db57205002a50354df9cc1e74767
      Size/MD5 checksum:   443280 2e982f2b17745777ff6e249f627b1b4c
      Size/MD5 checksum:   235056 c362aaa8589f44a3dc533143c37fd16b
      Size/MD5 checksum:    40450 279a59887fd7a90b9d92415a07fe87f1

  Big endian MIPS architecture:
      Size/MD5 checksum:    46300 c26b165f7098aa083170b90c8002406e
      Size/MD5 checksum:   252404 77b6d4382ee49bab1d3b94ea69d3bd88
      Size/MD5 checksum:   459088 34e8d02f8bac8bc4b059bc36109dda66
      Size/MD5 checksum:   281156 c2bf726c93de2c1ce1cb289d65fec892
      Size/MD5 checksum:    41086 85b8389df1df050f12fd87488ab46c02

  Little endian MIPS architecture:
      Size/MD5 checksum:    46256 8a1cc8fbd9e7679f2ec722f46a300fe1
      Size/MD5 checksum:   252820 876a24a6b4b49d19eb2d425f7271528e
      Size/MD5 checksum:   459392 f1d09bb13a31f8ec73922f50d538b073
      Size/MD5 checksum:   280986 eff50ab58f511148d9d56ecbbc02c162
      Size/MD5 checksum:    41066 7490a101b2de00f6f458359f64b05daa

  PowerPC architecture:
      Size/MD5 checksum:    47462 3eaaac85e15b48dd1add1fb314de9b74
      Size/MD5 checksum:   235624 2d13e7c1769aab6d8a051817009d10ca
      Size/MD5 checksum:   461300 94dddf225b2130da2daca1ec54b2c0b0
      Size/MD5 checksum:   272868 0517f72923504549f4acf0fab1e1924f
      Size/MD5 checksum:    42658 9dd0f68f37713263bc9a729d7216b35f

  IBM S/390 architecture:
      Size/MD5 checksum:    46422 039bfe0dde0063b276a57c1414a6d9ca
      Size/MD5 checksum:   214056 b87d71aa653f45726d3b4ecd60b226b3
      Size/MD5 checksum:   466474 6b6e2dd8152760e65d2af459deac62fc
      Size/MD5 checksum:   267648 fc8d5662348991874f47953f20102b38
      Size/MD5 checksum:    41078 090b4edea314fadf183bb31fd891be34

  Sun Sparc architecture:
      Size/MD5 checksum:    45706 955588f87bf3796b962c6f18ad5ecbb3
      Size/MD5 checksum:   205502 710eb39e993e988dcc1abc5cefd2f559
      Size/MD5 checksum:   455492 76e4acd2000175c52d60f6b6f53aaa25
      Size/MD5 checksum:   258764 c33aacda7a8162ff5ba7fd9399e347a6
      Size/MD5 checksum:    40806 cefaef4ab3ed03fdeeec97a40081721f

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.3 (GNU/Linux)



- 漏洞信息 (F48991)

Mandriva Linux Security Advisory 2006.137 (PacketStormID:F48991)
2006-08-17 00:00:00

Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.

Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2006:137
 Package : libtiff
 Date    : August 1, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 Problem Description:
 Tavis Ormandy, Google Security Team, discovered several vulnerabilites
 the libtiff image processing library:
 Several buffer overflows have been discovered, including a stack
 buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
 used to read two unsigned shorts from the input file. While a bounds
 check is performed via CheckDirCount(), no action is taken on the
 result allowing a pathological tdir_count to read an arbitrary number
 of unsigned shorts onto a stack buffer. (CVE-2006-3459) 
 A heap overflow vulnerability was discovered in the jpeg decoder,
 where TIFFScanLineSize() is  documented to return the size in bytes
 that a subsequent call to TIFFReadScanline() would write, however the
 encoded jpeg stream may disagree with these results and overrun the
 buffer with more data than expected. (CVE-2006-3460)
 Another heap overflow exists in the PixarLog decoder where a run
 length encoded data stream may specify a stride that is not an exact
 multiple of the number of samples. The result is that on the final
 decode operation the destination buffer is overrun, potentially
 allowing an attacker to execute arbitrary code. (CVE-2006-3461)
 The NeXT RLE decoder was also vulnerable to a heap overflow
 vulnerability, where no bounds checking was performed on the result of
 certain RLE decoding operations. This was solved by ensuring the
 number of pixels written did not exceed the size of the scanline
 buffer already prepared. (CVE-2006-3462)
 An infinite loop was discovered in EstimateStripByteCounts(), where a
 16bit unsigned short was used to iterate over a 32bit unsigned value,
 should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the
 loop would never terminate and continue forever. (CVE-2006-3463)
 Multiple unchecked arithmetic operations were uncovered, including a
 number of the range checking operations deisgned to ensure the offsets
 specified in tiff directories are legitimate. These  can be caused to
 wrap for extreme values, bypassing sanity checks. Additionally, a
 number of codepaths were uncovered where assertions did not hold true,
 resulting in the client application calling abort(). (CVE-2006-3464)
 A flaw was also uncovered in libtiffs custom tag support, as
 documented here While well formed
 tiff files must have correctly ordered directories, libtiff attempts
 to support broken images that do not. However in certain
 circumstances, creating anonymous fields prior to merging field
 information from codec information can result in recognised fields
 with unexpected values. This state results in abnormal behaviour,
 crashes, or potentially arbitrary code execution. (CVE-2006-3465)
 The updated packages have been patched to correct these issues.

 Updated Packages:
 Mandriva Linux 2006.0:
 c0173eb2f2d497fce68b863a6d01433e  2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
 55369714ae92ea654507f33944285322  2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
 8303a2a5f5b98d0fe984c4f62a8849e7  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
 898dbc11589b623cba53d4e0dea4ec6e  2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.i586.rpm
 1f77f216c421961825035b17e2fc3d0f  2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 67217a6617c35cfa110b9199ce827c7f  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.6.20060mdk.x86_64.rpm
 b5ea6efd7fcb1db40c69457de4d90980  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.6.20060mdk.x86_64.rpm
 673437e87cd25febee28993cd3c9488d  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.6.20060mdk.x86_64.rpm
 c0173eb2f2d497fce68b863a6d01433e  x86_64/2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
 55369714ae92ea654507f33944285322  x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
 8303a2a5f5b98d0fe984c4f62a8849e7  x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
 c3a7a68b6fef5f74240a6f526412d216  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.x86_64.rpm
 1f77f216c421961825035b17e2fc3d0f  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm

 Corporate 3.0:
 7ed65170763bdbb2db2c73a0e6d21dc5  corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
 c4fd193c4ac3c199f98751b615f7f5ad  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.12.C30mdk.i586.rpm
 2d4920c58d576d4174358a62eb533acd  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.12.C30mdk.i586.rpm
 aa07135a25873d7265dfb1a4ac1fd365  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.i586.rpm
 8c70315b6e8fcbfeb56abaf9df8fef52  corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c48326e5749da37145fe7744b2ec7da7  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.12.C30mdk.x86_64.rpm
 d5a2fa2ad3de5d7a77332920eea6ccb2  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.12.C30mdk.x86_64.rpm
 3582b0f21935141f83bb83787ce6537a  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.12.C30mdk.x86_64.rpm
 7ed65170763bdbb2db2c73a0e6d21dc5  x86_64/corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
 b8de80aaa29a62815ef364357c319d95  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.x86_64.rpm
 8c70315b6e8fcbfeb56abaf9df8fef52  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 8cc2951ca065dced86d900d2713f7755  mnf/2.0/RPMS/libtiff3-3.5.7-11.12.M20mdk.i586.rpm
 20c7813342fc7964cfc3f35465232ade  mnf/2.0/SRPMS/libtiff-3.5.7-11.12.M20mdk.src.rpm

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.2.2 (GNU/Linux)



- 漏洞信息 (F48988)

SUSE-SA-2006-044.txt (PacketStormID:F48988)
2006-08-17 00:00:00
advisory,remote,code execution

SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.



                        SUSE Security Announcement

        Package:                libtiff
        Announcement ID:        SUSE-SA:2006:044
        Date:                   Tue, 01 Aug 2006 17:00:00 +0000
        Affected Products:      SLE SDK 10
                                SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SuSE Linux Desktop 1.0
                                SuSE Linux Enterprise Server 8
                                SUSE SLES 10
                                SUSE SLES 9
                                UnitedLinux 1.0
        Vulnerability Type:     possible remote code execution
        Severity (1-10):        8
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-3459, CVE-2006-3460, CVE-2006-3461,
				CVE-2006-3462, CVE-2006-3463, CVE-2006-3464,

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             fixed heap- and  integer-overflows
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
        6) Authenticity Verification and Additional Information


1) Problem Description and Brief Discussion

   This update of libtiff is the result of a source-code audit done by
   Tavis Ormandy, Google Security Team. It fixes various bugs that can
   lead to denial-of-service conditions as well as to remote code execution
   while parsing a tiff image provided by an attacker.

2) Solution or Work-Around

   No work-around known.

3) Special Instructions and Notes

   Please restart all applications using libtiff. Desktop users should logout
   and re-login.
   On server systems you have to restart all server applications manually.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   x86 Platform:
   SUSE LINUX 10.1:
   SUSE LINUX 10.0:
   SUSE LINUX 9.3:
   SUSE LINUX 9.2:
   Power PC Platform:
   SUSE LINUX 10.1:
   SUSE LINUX 10.0:
   x86-64 Platform:
   SUSE LINUX 10.1:
   SUSE LINUX 10.0:
   SUSE LINUX 9.3:
   SUSE LINUX 9.2:
   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   Please read the weekly summary report.


6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by, the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be

  - SUSE runs two security mailing lists to which any interested party may
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to

    For general information or the frequently asked questions (FAQ),
    send mail to <> or

    SUSE's security contact is <> or <>.
    The <> public key is listed below.

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular, the
    clear text signature should show proof of the authenticity of the text.

    SUSE Linux Products GmbH provides no warranties of any kind whatsoever
    with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <>

Version: GnuPG v1.4.2 (GNU/Linux)


Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)


- 漏洞信息

LibTIFF Custom Tag Support Unspecified Issue
Local Access Required, Location Unknown Input Manipulation, Attack Type Unknown
Loss of Integrity
Exploit Unknown

- 漏洞描述

LibTIFF contains an unspecified local overflow related to custom tag support in the TIFF library that may allow an attacker to execute arbitrary code. No further details have been provided.

- 时间线

2006-08-02 Unknow
Unknow 2006-03-23

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 3.8.2, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 19287
Yes No
2006-08-01 12:00:00 2008-08-26 11:25:00
These issues were disclosed by Tavis Ormandy of the Google Security Team.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise SDK 10
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat kernel-BOOT-2.2.12-20.i386.rpm
+ RedHat Linux 6.1
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
RedHat kernel-2.4.7-10.athlon.rpm
RedHat kernel-2.4.21-27
RedHat kernel-2.4.20-8.i686.rpm
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
RedHat kernel-2.4.2-2.i586.rpm
RedHat kernel-2.4.2-2.i386.rpm
RedHat kernel-2.4.18-3.i686.rpm
RedHat kernel-2.4.18-3.i386.rpm
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
RedHat kernel-2.4.18-14.i586.rpm
RedHat kernel-2.4.18-14.athlon.rpm
RedHat kernel-2.2.5-15.i686.rpm
RedHat kernel-2.2.5-15.i586.rpm
RedHat kernel-2.2.5-15.i386.rpm
RedHat kernel-2.2.16-22.i686.rpm
RedHat kernel-2.2.16-22.i586.rpm
+ RedHat Linux 7.0
RedHat kernel-2.2.16-22.i386.rpm
RedHat kernel-2.2.14-5.0.i686.rpm
RedHat kernel-2.2.14-5.0.i586.rpm
RedHat kernel-2.2.14-5.0.i386.rpm
RedHat kernel-2.2.12-20.i686.rpm
RedHat kernel-2.2.12-20.i586.rpm
RedHat kernel-2.2.12-20.i386.rpm
RedHat kermit 1.0 -3
RedHat kdepim-devel-3.1-5.i386.rpm
RedHat kdepim-3.1-5.i386.rpm
RedHat kdelibs-sound-devel-2.2.2-8.ia64.rpm
RedHat kdelibs-sound-devel-2.2.2-8.i386.rpm
RedHat kdelibs-sound-devel-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-sound-devel-2.2-11.ia64.rpm
RedHat kdelibs-sound-devel-2.2-11.i386.rpm
RedHat kdelibs-sound-devel-2.1.1-5.i386.rpm delete
RedHat kdelibs-sound-devel-2.1.1-5.i386.rpm
RedHat kdelibs-sound-2.2.2-8.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat kdelibs-sound-2.2.2-8.i386.rpm
RedHat kdelibs-sound-2.2.2-0.71.3.i386.rpm
+ RedHat Linux 7.1 i386
RedHat kdelibs-sound-2.2-11.ia64.rpm
RedHat kdelibs-sound-2.2-11.i386.rpm
RedHat kdelibs-sound-2.1.1-5.i386.rpm delete
RedHat kdelibs-sound-2.1.1-5.i386.rpm
RedHat kdelibs-devel-3.1.4-4.x86_64.rpm
+ Red Hat Fedora Core2
RedHat kdelibs-devel-3.1-10.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kdelibs-devel-3.0.3-8.i386.rpm
RedHat kdelibs-devel-3.0.0-10.i386.rpm
+ RedHat Linux 7.3 i386
RedHat kdelibs-devel-2.2.2-8.ia64.rpm
RedHat kdelibs-devel-2.2.2-8.i386.rpm
RedHat kdelibs-devel-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-devel-2.2-11.ia64.rpm
RedHat kdelibs-devel-2.2-11.i386.rpm
RedHat kdelibs-devel-2.1.1-5.i386.rpm delete
RedHat kdelibs-devel-2.1.1-5.i386.rpm
RedHat kdelibs-debuginfo-3.2.2-4.x86_64.rpm
+ Red Hat Fedora Core2
RedHat kdelibs-3.1.4-4.x86_64.rpm
RedHat kdelibs-3.1-10.i386.rpm
RedHat kdelibs-3.0.3-8.i386.rpm
RedHat kdelibs-3.0.0-10.i386.rpm
+ RedHat Linux 7.3 i386
RedHat kdelibs-2.2.2-8.ia64.rpm
RedHat kdelibs-2.2.2-8.i386.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-2.2-11.ia64.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.2-11.i386.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.1.1-5.i386.rpm delete
RedHat kdelibs-2.1.1-5.i386.rpm
RedHat kdebase-devel-3.0.3-13.i386.rpm
+ RedHat Linux 8.0 i386
RedHat kdebase-3.0.3-13.i386.rpm
RedHat joe-2.9.7-4.i386.rpm
RedHat joe-2.8-40.i386.rpm
RedHat joe-2.8-24.i386.rpm
RedHat joe-2.8-22.i386.rpm
RedHat joe-2.8-18.i386.rpm
RedHat joe-2.8-14.i386.rpm
RedHat itcl-3.1.0-53.i386.rpm
RedHat itcl-3.1.0-46.i386.rpm
RedHat iputils-20000418-6.i386.rpm
RedHat iputils-20000121-2.i386.rpm
+ Red Hat Linux 6.2
RedHat iptables-ipv6-1.2.6a-2.i386.rpm
RedHat iptables-ipv6-1.2.5-3.i386.rpm
RedHat iptables-ipv6-1.2.3-1.i386.rpm
RedHat iptables-ipv6-1.2.1a-1.i386.rpm
RedHat iptables-1.2.6a-2.i386.rpm
RedHat iptables-1.2.5-3.i386.rpm
+ RedHat Linux 7.3 i386
RedHat iptables-1.2.3-1.i386.rpm
RedHat iptables-1.2.3-1.i386.rpm
RedHat iproute-debuginfo-2.4.7-11.x86_64.rpm
RedHat iproute-debuginfo-2.4.7-11.i386.rpm
RedHat iproute-2.4.7-11.x86_64.rpm
+ Red Hat Fedora Core1
RedHat iproute-2.4.7-11.i386.rpm
+ Red Hat Fedora Core1
RedHat Interchange 4.8.6
RedHat Interchange 4.8.5
RedHat Interchange 4.8.4
RedHat Interchange 4.8.3
RedHat Interchange 4.8.2
RedHat Interchange 4.8.1
RedHat initscripts 7.93.24
RedHat inetd-0.16-4.i386.rpm
+ Red Hat Linux 6.2
RedHat imap 4.5 -4
RedHat httpd-manual-2.0.40-8.i386.rpm
RedHat httpd-manual-2.0.40-21.i386.rpm
+ RedHat Linux 9.0 i386
RedHat httpd-devel-2.0.40-8.i386.rpm
RedHat httpd-devel-2.0.40-21.i386.rpm
+ RedHat Linux 9.0 i386
RedHat httpd-2.0.40-8.i386.rpm
RedHat httpd-2.0.40-21.i386.rpm
RedHat httpd-2.0.40-21.5.i386.rpm
RedHat hanterm-xf-p19-15.ia64.rpm
RedHat hanterm-xf-p19-15.i386.rpm
RedHat hanterm-xf-p19-15.i386.rpm
RedHat hanterm-xf-2.0.5-5.8.0.i386.rpm
+ RedHat Linux 8.0 i386
RedHat hanterm-xf-2.0.5-5.7.4.ia64.rpm
RedHat hanterm-xf-2.0.5-5.7.4.i386.rpm
RedHat hanterm-xf-2.0.5-5.7.4.i386.rpm
+ RedHat Linux 7.2 i386
RedHat hanterm-xf-2.0.0-6.i386.rpm
RedHat gnupg-1.2.1-3.i386.rpm
RedHat gnupg-1.0.7-6.i386.rpm
RedHat gnupg-1.0.6-5.i386.rpm
RedHat gnupg-1.0.6-3.ia64.rpm
RedHat gnupg-1.0.6-3.i386.rpm
RedHat gnupg-1.0.4-11.i386.rpm
RedHat gnome-core-devel-
+ RedHat Linux 7.3 i386
RedHat gnome-core-devel-1.0.39-10.i386.rpm
RedHat gnome-core-
+ RedHat Linux 7.3 i386
RedHat gnome-core-1.0.39-10.i386.rpm
+ RedHat Linux 6.1
RedHat Glint 2.6.3
RedHat Glint 2.6.2
RedHat glibc-utils-2.2.93-5.i386.rpm
RedHat glibc-utils-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-profile-2.2.93-5.i386.rpm
RedHat glibc-profile-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-profile-2.2.4-13.i386.rpm
RedHat glibc-profile-2.2.2-10.i386.rpm
RedHat glibc-profile-2.1.92-14.i386.rpm
RedHat glibc-profile-2.1.3-15.i386.rpm
RedHat glibc-profile-2.1.2-11.i386.rpm
RedHat glibc-profile-2.1.1-6.i386.rpm
RedHat glibc-devel-2.2.93-5.i386.rpm
RedHat glibc-devel-2.2.5-34.i386.rpm
RedHat glibc-devel-2.2.4-13.i386.rpm
RedHat glibc-devel-2.2.2-10.i386.rpm
RedHat glibc-devel-2.1.92-14.i386.rpm
+ RedHat Linux 7.0
RedHat glibc-devel-2.1.3-15.i386.rpm
RedHat glibc-devel-2.1.2-11.i386.rpm
RedHat glibc-devel-2.1.1-6.i386.rpm
+ RedHat Linux 6.0
RedHat glibc-debug-static-2.2.93-5.i386.rpm
RedHat glibc-debug-static-2.2.5-34.i386.rpm
RedHat glibc-debug-2.2.93-5.i686.rpm
RedHat glibc-debug-2.2.93-5.i386.rpm
RedHat glibc-debug-2.2.5-34.i686.rpm
RedHat glibc-debug-2.2.5-34.i386.rpm
RedHat glibc-common-2.2.93-5.i386.rpm
+ RedHat Linux 8.0
RedHat glibc-common-2.2.5-34.i386.rpm
RedHat glibc-common-2.2.4-13.i386.rpm
RedHat glibc-common-2.2.2-10.i386.rpm
RedHat glibc-2.2.93-5.i686.rpm
RedHat glibc-2.2.93-5.i386.rpm
RedHat glibc-2.2.5-34.i686.rpm
RedHat glibc-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-2.2.4-13.i686.rpm
+ RedHat Linux 7.2
RedHat glibc-2.2.4-13.i386.rpm
RedHat glibc-2.2.2-10.i686.rpm
RedHat glibc-2.2.2-10.i386.rpm
+ RedHat Linux 7.1
RedHat glibc-2.1.92-14.i686.rpm
RedHat glibc-2.1.92-14.i386.rpm
RedHat glibc-2.1.3-15.i386.rpm
+ Red Hat Linux 6.2
RedHat glibc-2.1.2-11.i386.rpm
RedHat glibc-2.1.1-6.i386.rpm
RedHat gkermit-1.0-9.i386.rpm
RedHat gkermit-1.0-9.i386.rpm
RedHat gftp-2.0.7b-3.i386.rpm
RedHat gftp-2.0.7b-2.i386.rpm
RedHat gftp-2.0.6a-3.i386.rpm
RedHat gftp-2.0.11-2.i386.rpm
RedHat gdm-
RedHat gdm-
RedHat gdm-
RedHat gdm-
RedHat gdm-
RedHat gdm-2.0beta2-45.ppc.rpm
RedHat gdm-2.0beta2-45.ppc.rpm
RedHat gdm-2.0beta2-45.i386.rpm
+ RedHat Linux 7.1 i386
RedHat gdk-pixbuf-gnome-0.18.0-7.i386.rpm
+ RedHat Linux 9.0 i386
RedHat gdk-pixbuf-devel-0.18.0-7.i386.rpm
RedHat gdk-pixbuf-0.18.0-7.i386.rpm
+ RedHat Linux 9.0 i386
RedHat gcc-3.2.2-6.i386.rpm 0
RedHat gcc-3.2.2-5.i386.rpm
RedHat gcc-3.2-7.i386.rpm
+ RedHat Linux 8.0 i386
RedHat Fedora Directory Server 1.0.1
RedHat Fedora Directory Server 1.0
RedHat expect-5.31-53.i386.rpm
RedHat expect-5.31-46.i386.rpm
+ RedHat Linux 7.0
RedHat ethereal-gnome-0.9.8-6.i386.rpm
RedHat ethereal-0.9.8-6.i386.rpm
+ RedHat Linux 9.0 i386
RedHat esound-devel-0.2.14-1.i386.rpm
RedHat esound-0.2.14-1.i386.rpm
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop version 4
RedHat dump-0.4b27-3.i386.rpm
+ RedHat Linux 7.3 i386
RedHat dump 0.4 b15-1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
RedHat docbook-utils 0.6.9 -2
RedHat docbook-utils 0.6 -13
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 noarch
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
RedHat Directory Server 7.1 SP1
RedHat Directory Server 7.1
RedHat dip-3.3.7o-23.i386.rpm
+ RedHat Linux 7.3 i386
RedHat dip-3.3.7o-23.i386.rpm
RedHat dip 3.3.7 o-8
RedHat diffutils-2.7-21.i386.rpm
RedHat diffutils-2.7-17.i386.rpm
RedHat diffutils-2.7-11.i386.rpm
+ RedHat Linux 5.2
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat ddskk-xemacs-11.6.0-8.noarch.rpm
RedHat ddskk-xemacs-11.6.0-6.noarch.rpm
+ RedHat Linux 7.3 i386
RedHat ddskk-xemacs-11.6.0-10.noarch.rpm
RedHat ddskk-11.6.0-8.noarch.rpm
RedHat ddskk-11.6.0-6.noarch.rpm
RedHat ddskk-11.6.0-10.noarch.rpm 0
RedHat ddskk-11.6.0-10.noarch.rpm
+ RedHat Linux 8.0 i386
RedHat ddskk-11.3.20010617-2.noarch.rpm
+ RedHat Linux 7.2 i386
RedHat ddskk-11.3.20010225-5.noarch.rpm
RedHat cvs-1.11.2-10.i386.rpm
+ RedHat Linux 9.0 i386
RedHat cups-libs-1.1.17-13.3.i386.rpm
RedHat cups-libs-1.1.17-0.7.i386.rpm
+ RedHat Linux 8.0 i386
RedHat cups-libs-1.1.14-15.4.i386.rpm
+ RedHat Linux 7.2 i386
RedHat cups-devel-1.1.17-13.3.i386.rpm
+ RedHat Linux 9.0 i386
RedHat cups-devel-1.1.17-0.7.i386.rpm
RedHat cups-devel-1.1.14-15.4.i386.rpm
RedHat cups-1.1.17-13.3.i386.rpm
RedHat cups-1.1.17-0.7.i386.rpm
RedHat cups-1.1.14-15.4.i386.rpm
RedHat Certificate Server 7.1 SP1
RedHat Certificate Server 7.1
RedHat bind-8.2.2_P5-9.i386.rpm
RedHat bind-8.2.2_P5-25.i386.rpm
RedHat bind-8.2.1-7.i386.rpm
RedHat bind-8.2-6.i386.rpm
RedHat bind-8.1.2-5.i386.rpm
RedHat bash-2.05a-13.i386.rpm
RedHat bash-1.14.7-22.i386.rpm
+ Red Hat Linux 6.2
RedHat bash-1.14.7-16.i386.rpm
RedHat bash-1.14.7-13.i386.rpm
+ RedHat Linux 5.2
RedHat arts-2.2.2-8.ia64.rpm
RedHat arts-2.2.2-8.i386.rpm
RedHat arts-2.2.2-0.71.3.i386.rpm
RedHat arts-2.2-11.ia64.rpm
RedHat arts-2.2-11.i386.rpm
RedHat arts-2.1.1-5.i386.rpm delete
RedHat arts-2.1.1-5.i386.rpm
RedHat arts-1.0.0-4.i386.rpm
RedHat arpwatch-2.1a11-7.1.x86_64.rpm
RedHat arpwatch-2.1a11-7.1.i386.rpm
+ Red Hat Fedora Core1
RedHat arpwatch-2.1a11-1.i386.rpm
RedHat Application Server WS 3
RedHat Application Server ES 3
RedHat Application Server AS 3
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
RedHat 7.0 traceroute 1.4 a5
+ RedHat Linux 7.0
Red Hat Fedora Core6
Red Hat Fedora Core5
Red Hat Fedora Core5
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Red Hat Cygwin 1.5.9 -1
Red Hat Cygwin 1.5.8 -1
Red Hat Cygwin 1.5.7 -1
Red Hat Cygwin 1.5.6 -1
Red Hat Cygwin 1.5.5 -1
Red Hat Cygwin 1.5.4 -1
Red Hat Cygwin 1.5.3 -1
Red Hat Cygwin 1.5.2 -1
Red Hat Cygwin 1.5.1 -1
Red Hat Cygwin 1.5 -1
Red Hat 6.2 traceroute 1.4 a5
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.7
Apple iPod Touch 1.1.1
Apple iPod Touch 1.1
Apple iPhone 1.1.1
Apple iPhone 1.0.2
Apple iPhone 1.0.1
Apple iPhone 1

- 漏洞讨论

The libTIFF library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by submitting malformed image files.

When the libTIFF library routines process a malicious TIFF file, this could result in abnormal behavior, cause the application to become unresponsive, or possibly allow malicious code to execute.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: &lt;;.

- 解决方案

The vendor has released a patch to address this issue.

Please see the referenced advisories for more information.

Red Hat Fedora Core1

- 相关参考