CVE-2006-3465
CVSS7.5
发布时间 :2006-08-02 21:04:00
修订时间 :2011-03-07 21:38:42
NMCOPS    

[原文]Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.


[CNNVD]libtiff自定义标签的漏洞(CNNVD-200608-033)

        LibTiff是负责对TIFF图象格式进行编码/解码的应用库。
        libtiff自定义标签支持中的漏洞可能导致异常、崩溃或执行任意代码。
        
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9067Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3465
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-033
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA06-214A.html
(UNKNOWN)  CERT  TA06-214A
http://www.debian.org/security/2006/dsa-1137
(VENDOR_ADVISORY)  DEBIAN  DSA-1137
https://issues.rpath.com/browse/RPL-558
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-558
http://www.vupen.com/english/advisories/2007/4034
(UNKNOWN)  VUPEN  ADV-2007-4034
http://www.vupen.com/english/advisories/2006/3105
(UNKNOWN)  VUPEN  ADV-2006-3105
http://www.vupen.com/english/advisories/2006/3101
(UNKNOWN)  VUPEN  ADV-2006-3101
http://www.ubuntu.com/usn/usn-330-1
(UNKNOWN)  UBUNTU  USN-330-1
http://www.securityfocus.com/bid/19289
(UNKNOWN)  BID  19289
http://www.securityfocus.com/bid/19287
(UNKNOWN)  BID  19287
http://www.redhat.com/support/errata/RHSA-2006-0603.html
(UNKNOWN)  REDHAT  RHSA-2006:0603
http://www.osvdb.org/27729
(UNKNOWN)  OSVDB  27729
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
(UNKNOWN)  SUSE  SUSE-SA:2006:044
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
(UNKNOWN)  GENTOO  GLSA-200608-07
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
(UNKNOWN)  SLACKWARE  SSA:2006-230
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
(UNKNOWN)  SLACKWARE  SSA:2006-230
http://securitytracker.com/id?1016671
(UNKNOWN)  SECTRACK  1016671
http://securitytracker.com/id?1016628
(UNKNOWN)  SECTRACK  1016628
http://secunia.com/advisories/21537
(UNKNOWN)  SECUNIA  21537
http://secunia.com/advisories/21501
(UNKNOWN)  SECUNIA  21501
http://secunia.com/advisories/21392
(UNKNOWN)  SECUNIA  21392
http://secunia.com/advisories/21370
(UNKNOWN)  SECUNIA  21370
http://secunia.com/advisories/21334
(UNKNOWN)  SECUNIA  21334
http://secunia.com/advisories/21290
(UNKNOWN)  SECUNIA  21290
http://secunia.com/advisories/21274
(UNKNOWN)  SECUNIA  21274
http://secunia.com/advisories/21253
(UNKNOWN)  SECUNIA  21253
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2006-08-01
http://docs.info.apple.com/article.html?artnum=304063
(UNKNOWN)  MISC  http://docs.info.apple.com/article.html?artnum=304063
http://www.redhat.com/support/errata/RHSA-2006-0648.html
(UNKNOWN)  REDHAT  RHSA-2006:0648
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
(UNKNOWN)  MANDRIVA  MDKSA-2006:137
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
(UNKNOWN)  SUNALERT  201331
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
(UNKNOWN)  SUNALERT  103160
http://secunia.com/advisories/27832
(UNKNOWN)  SECUNIA  27832
http://secunia.com/advisories/22036
(UNKNOWN)  SECUNIA  22036
http://secunia.com/advisories/21632
(UNKNOWN)  SECUNIA  21632
http://secunia.com/advisories/21598
(UNKNOWN)  SECUNIA  21598
http://secunia.com/advisories/21346
(UNKNOWN)  SECUNIA  21346
http://secunia.com/advisories/21338
(UNKNOWN)  SECUNIA  21338
http://secunia.com/advisories/21319
(UNKNOWN)  SECUNIA  21319
http://secunia.com/advisories/21304
(UNKNOWN)  SECUNIA  21304
http://lwn.net/Alerts/194228/
(UNKNOWN)  TRUSTIX  2006-0044
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
(UNKNOWN)  SGI  20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
(UNKNOWN)  SGI  20060801-01-P

- 漏洞信息

libtiff自定义标签的漏洞
高危 其他
2006-08-02 00:00:00 2006-08-26 00:00:00
远程  
        LibTiff是负责对TIFF图象格式进行编码/解码的应用库。
        libtiff自定义标签支持中的漏洞可能导致异常、崩溃或执行任意代码。
        
        

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat= 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat= 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat= 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg
        RedHat Fedora Core1
        Fedora tcpdump-3.7.2-7.fc1.1.i386.rpm
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /tcpdump-3.7.2-7.fc1.1.i386.rpm
        Fedora tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/tcpdump-debuginfo-3.7.2-7.fc1.1.i386.rpm
        

- 漏洞信息 (F49012)

Ubuntu Security Notice 330-1 (PacketStormID:F49012)
2006-08-17 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary
linux,ubuntu
CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
[点击下载]

Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.

=========================================================== 
Ubuntu Security Notice USN-330-1            August 02, 2006
tiff vulnerabilities
CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462,
CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libtiff4                                 3.6.1-5ubuntu0.6

Ubuntu 5.10:
  libtiff4                                 3.7.3-1ubuntu1.5

Ubuntu 6.06 LTS:
  libtiff4                                 3.7.4-1ubuntu3.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.

This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.6.diff.gz
      Size/MD5:    30691 49722c5266cd7abd26af4e2930806b9c
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.6.dsc
      Size/MD5:      681 7ad4b09fd3ae17ac3469befee5a0bdbe
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_amd64.deb
      Size/MD5:   172866 61bd186e530802e933781ec95ecc75a9
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_amd64.deb
      Size/MD5:   459690 585475d89d429435077cf76a1ea26137
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_amd64.deb
      Size/MD5:   113776 4780d38316de3537a1b55ba45f2fe735

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_i386.deb
      Size/MD5:   155968 389e7151c6cea9cee5c4a5f95a13b77d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_i386.deb
      Size/MD5:   441462 cb6274340b13def24594a42a90b68251
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_i386.deb
      Size/MD5:   104694 16b136cb563918fd5cbea35772af378a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.6_powerpc.deb
      Size/MD5:   188188 6749e48524a1dae0a6ff5d7e3a2de413
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.6_powerpc.deb
      Size/MD5:   464676 6074afb200b1b839eb612e195a9cdfa7
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.6_powerpc.deb
      Size/MD5:   115188 956c9014eb02b96505808da786ad5a76

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.5.diff.gz
      Size/MD5:    17432 462f974440018758467c211ae4287a38
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.5.dsc
      Size/MD5:      756 588e4e00764c879078155ea33e75ff09
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz
      Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_amd64.deb
      Size/MD5:    48612 4963d3463e3dc627d7587bddaa49141c
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_amd64.deb
      Size/MD5:   220048 34fbca2f7003642e99a2441ef83aabf7
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_amd64.deb
      Size/MD5:   282498 2b30fa42f5e443215af23faead443c9f
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_amd64.deb
      Size/MD5:   472892 1b3f3aa4f34d2afc75ecece36ff5af09
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_amd64.deb
      Size/MD5:    43448 e60c1e20c08710c65445587d7735a231

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_i386.deb
      Size/MD5:    48018 96eaa5eb44709bedeb613b9f1a22931a
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_i386.deb
      Size/MD5:   205062 5ed40e3a33a7d58775625f5da2971c32
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_i386.deb
      Size/MD5:   258994 4b0faa18540b8850ac5994dae4d814c3
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_i386.deb
      Size/MD5:   458804 347087a64d991f3379d826db0fac0599
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_i386.deb
      Size/MD5:    43464 8331d867bf64e79ee2ab8a639f30fc9d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_powerpc.deb
      Size/MD5:    50334 0b0325a1c212e27821d0141c59ddc1fb
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_powerpc.deb
      Size/MD5:   239530 2478436b1ed5ddfdf18d077d5ec0212a
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_powerpc.deb
      Size/MD5:   287894 a0f95176643fb7126a967a61f106da73
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_powerpc.deb
      Size/MD5:   473162 8be329a8ad8961071e712404b659b42c
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_powerpc.deb
      Size/MD5:    45670 f0e946707c7eb7bb3ce56730e27ae76a

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.5_sparc.deb
      Size/MD5:    48610 64c7435b7ce23b66b3a90e15f575845a
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.5_sparc.deb
      Size/MD5:   210412 98e14a7b26a3d23a6416fa2b211ef1fe
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.5_sparc.deb
      Size/MD5:   271428 3ef34fd17abbc5d261f998b4808f9cf3
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.5_sparc.deb
      Size/MD5:   464560 9d13ba6ded259ff29456328901bb00a6
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.5_sparc.deb
      Size/MD5:    43362 56ee90c0206249bd10c8b10f2948747f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.2.diff.gz
      Size/MD5:    19124 a1e98bba276f935aebd6ab7d2f757cf7
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.2.dsc
      Size/MD5:      758 be3125f609008aeef14df7c3cd35a349
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz
      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_amd64.deb
      Size/MD5:    49640 036260cccaf5422219611f29e541b9a8
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_amd64.deb
      Size/MD5:   220568 b370e81168090a997cdeec22ba2772ca
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_amd64.deb
      Size/MD5:   282000 b1e1df69d96431d857f01e6efdf74b47
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_amd64.deb
      Size/MD5:   475234 01679bc8144b2cfc39f7e30817ebe895
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_amd64.deb
      Size/MD5:    44464 443d29a19341a9a3d8e8406543a0f879

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_i386.deb
      Size/MD5:    48972 1487f93c4ae0b7d89a2ec20fc1cf7751
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_i386.deb
      Size/MD5:   205728 a1c62563ff4f15720fe41dad46aa47c1
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_i386.deb
      Size/MD5:   258772 a01fc13c7120e0470deb17bb4416b9df
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_i386.deb
      Size/MD5:   461560 66f17cac2fa69165f799e57c12ee53cb
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_i386.deb
      Size/MD5:    44438 25fcb41c5c348031eae48bd5ff837c22

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_powerpc.deb
      Size/MD5:    51312 3fb7912024ac85a7c16f68d7f4064f27
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_powerpc.deb
      Size/MD5:   239548 e5f378e86f46be643fd358926e61fd1f
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_powerpc.deb
      Size/MD5:   287558 8d93e194d4ba4e63bdbe8d5e0242cfe3
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_powerpc.deb
      Size/MD5:   475648 7800d2741705bc25397094a5c8ee3148
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_powerpc.deb
      Size/MD5:    46672 bb4698013afd1f6c86785e8cc28e4a6f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.2_sparc.deb
      Size/MD5:    49520 e13fa9d1515fe5bc78ffface31611484
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.2_sparc.deb
      Size/MD5:   208396 d925feff7ff15ed4411708266cb53d2b
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.2_sparc.deb
      Size/MD5:   269778 e08346a2f3bae86f419753f10350e617
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.2_sparc.deb
      Size/MD5:   466472 d3398c5e98ac9991550f3f3d0148025b
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.2_sparc.deb
      Size/MD5:    44386 47bf6769b8cb9a87372cd5f25fd88338

    

- 漏洞信息 (F49010)

Debian Linux Security Advisory 1137-1 (PacketStormID:F49010)
2006-08-17 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
[点击下载]

Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1137-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 2nd, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tiff
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE IDs        : CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462
                 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465

Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library.  The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2006-3459

    Several stack-buffer overflows have been discovered.

CVE-2006-3460

    A heap overflow vulnerability in the JPEG decoder may overrun a
    buffer with more data than expected.

CVE-2006-3461

    A heap overflow vulnerability in the PixarLog decoder may allow an
    attacker to execute arbitrary code.

CVE-2006-3462

    A heap overflow vulnerability has been discovered in the NeXT RLE
    decoder.

CVE-2006-3463

    An loop was discovered where a 16bit unsigned short was used to
    iterate over a 32bit unsigned value so that the loop would never
    terminate and continue forever.

CVE-2006-3464

    Multiple unchecked arithmetic operations were uncovered, including
    a number of the range checking operations designed to ensure the
    offsets specified in TIFF directories are legitimate.

CVE-2006-3465

    A flaw was also uncovered in libtiffs custom tag support which may
    result in abnormal behaviour, crashes, or potentially arbitrary
    code execution.

For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-7.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.2-6.

We recommend that you upgrade your libtiff packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc
      Size/MD5 checksum:      736 ce0ffb8cdd1130153deaefa8b59abe81
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz
      Size/MD5 checksum:    17174 ff485016221ededfc8ce649538322211
    http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
      Size/MD5 checksum:  1252995 221679f6d5c15670b3c242cbfff79a00

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb
      Size/MD5 checksum:    47112 a4f7feea087ba03a84f745ee79a7ff56
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb
      Size/MD5 checksum:   243840 f7abb618f36082be959f6e3c9a99cf8f
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb
      Size/MD5 checksum:   479064 c137c6857ed320928f182115fbd94b21
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb
      Size/MD5 checksum:   311206 c202ef6404c23ea7dc999c03e586c07f
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb
      Size/MD5 checksum:    41228 53c5979e8c2556e5a19607c19e862368

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb
      Size/MD5 checksum:    46036 bc6d0c7db57a1dcae4b8dd65b4640243
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb
      Size/MD5 checksum:   218060 d09ef1de8b31f074d2f05c7522858cf1
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb
      Size/MD5 checksum:   459964 8be097d74ac788d87a8358b8f9e68d79
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb
      Size/MD5 checksum:   267872 cc0a4241cd53de29b561286fcd91cf2c
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb
      Size/MD5 checksum:    40804 136bc49ad0c85dc6fa9f61242cf97c05

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb
      Size/MD5 checksum:    45536 0253b94c6f94a33c9942568f9093fedd
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb
      Size/MD5 checksum:   208630 45e2ef6af43bfbddb4aee00b659d287a
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb
      Size/MD5 checksum:   454194 354e1b4560b4a407c4b4faf5d2555b20
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb
      Size/MD5 checksum:   266148 f535b441d81a7786815d954c843b9c81
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb
      Size/MD5 checksum:    40304 fcd0980c8fc2dedaa8a6380e0d4736bd

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb
      Size/MD5 checksum:    45400 e51d8f157a2ef94cbc4e893f756be29a
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb
      Size/MD5 checksum:   206412 69a3c66b2c9733653e6e7f667ab260b3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb
      Size/MD5 checksum:   453078 267f8f361f0dc87f40c8bc37d4785f57
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb
      Size/MD5 checksum:   252412 5720af1515d6c9ce04f0e7abea045955
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb
      Size/MD5 checksum:    40850 18710ba8ae073bd5a6e7b3c299cbae23

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb
      Size/MD5 checksum:    48512 c57280d747f62859c4477a0f1dcbcfef
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb
      Size/MD5 checksum:   269156 277ad4a79cd2148991134c6ed8c029fe
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb
      Size/MD5 checksum:   511782 4b64fd28c917e7e2e158c7244cfc892d
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb
      Size/MD5 checksum:   331790 614a46318d671800caab21e26df9c1bf
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb
      Size/MD5 checksum:    42450 af80a3234e174d9f15bbb4e68d2b558f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb
      Size/MD5 checksum:    46846 e863b11db8f25a221776ea306eeb1539
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb
      Size/MD5 checksum:   230316 9ccb777cf49096a2dabf144de609b83c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb
      Size/MD5 checksum:   473764 6938692095c40fba1f5feca1efd243a8
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb
      Size/MD5 checksum:   282648 68ffb8ebaac2404aa1f9a709e83abfc6
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb
      Size/MD5 checksum:    41476 4327a6e2887ab7d5bb69d0476186d69e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb
      Size/MD5 checksum:    45408 e33d428b54a5776181803c28475e2a30
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb
      Size/MD5 checksum:   193578 d7f3db57205002a50354df9cc1e74767
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb
      Size/MD5 checksum:   443280 2e982f2b17745777ff6e249f627b1b4c
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb
      Size/MD5 checksum:   235056 c362aaa8589f44a3dc533143c37fd16b
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb
      Size/MD5 checksum:    40450 279a59887fd7a90b9d92415a07fe87f1

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb
      Size/MD5 checksum:    46300 c26b165f7098aa083170b90c8002406e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb
      Size/MD5 checksum:   252404 77b6d4382ee49bab1d3b94ea69d3bd88
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb
      Size/MD5 checksum:   459088 34e8d02f8bac8bc4b059bc36109dda66
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb
      Size/MD5 checksum:   281156 c2bf726c93de2c1ce1cb289d65fec892
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb
      Size/MD5 checksum:    41086 85b8389df1df050f12fd87488ab46c02

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb
      Size/MD5 checksum:    46256 8a1cc8fbd9e7679f2ec722f46a300fe1
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb
      Size/MD5 checksum:   252820 876a24a6b4b49d19eb2d425f7271528e
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb
      Size/MD5 checksum:   459392 f1d09bb13a31f8ec73922f50d538b073
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb
      Size/MD5 checksum:   280986 eff50ab58f511148d9d56ecbbc02c162
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb
      Size/MD5 checksum:    41066 7490a101b2de00f6f458359f64b05daa

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb
      Size/MD5 checksum:    47462 3eaaac85e15b48dd1add1fb314de9b74
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb
      Size/MD5 checksum:   235624 2d13e7c1769aab6d8a051817009d10ca
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb
      Size/MD5 checksum:   461300 94dddf225b2130da2daca1ec54b2c0b0
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb
      Size/MD5 checksum:   272868 0517f72923504549f4acf0fab1e1924f
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb
      Size/MD5 checksum:    42658 9dd0f68f37713263bc9a729d7216b35f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb
      Size/MD5 checksum:    46422 039bfe0dde0063b276a57c1414a6d9ca
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb
      Size/MD5 checksum:   214056 b87d71aa653f45726d3b4ecd60b226b3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb
      Size/MD5 checksum:   466474 6b6e2dd8152760e65d2af459deac62fc
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb
      Size/MD5 checksum:   267648 fc8d5662348991874f47953f20102b38
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb
      Size/MD5 checksum:    41078 090b4edea314fadf183bb31fd891be34

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb
      Size/MD5 checksum:    45706 955588f87bf3796b962c6f18ad5ecbb3
    http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb
      Size/MD5 checksum:   205502 710eb39e993e988dcc1abc5cefd2f559
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb
      Size/MD5 checksum:   455492 76e4acd2000175c52d60f6b6f53aaa25
    http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb
      Size/MD5 checksum:   258764 c33aacda7a8162ff5ba7fd9399e347a6
    http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb
      Size/MD5 checksum:    40806 cefaef4ab3ed03fdeeec97a40081721f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE0O68W5ql+IAeqTIRAu2CAKCen9woCeYUfmTgqnDcigV2qzkpewCfaiz6
UuRcpsNysRI+l/oPURUKGZ0=
=cFlc
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48991)

Mandriva Linux Security Advisory 2006.137 (PacketStormID:F48991)
2006-08-17 00:00:00
Mandriva  mandriva.com
advisory,vulnerability
linux,mandriva
CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:137
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtiff
 Date    : August 1, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy, Google Security Team, discovered several vulnerabilites
 the libtiff image processing library:
 
 Several buffer overflows have been discovered, including a stack
 buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
 used to read two unsigned shorts from the input file. While a bounds
 check is performed via CheckDirCount(), no action is taken on the
 result allowing a pathological tdir_count to read an arbitrary number
 of unsigned shorts onto a stack buffer. (CVE-2006-3459) 
 
 A heap overflow vulnerability was discovered in the jpeg decoder,
 where TIFFScanLineSize() is  documented to return the size in bytes
 that a subsequent call to TIFFReadScanline() would write, however the
 encoded jpeg stream may disagree with these results and overrun the
 buffer with more data than expected. (CVE-2006-3460)
 
 Another heap overflow exists in the PixarLog decoder where a run
 length encoded data stream may specify a stride that is not an exact
 multiple of the number of samples. The result is that on the final
 decode operation the destination buffer is overrun, potentially
 allowing an attacker to execute arbitrary code. (CVE-2006-3461)
 
 The NeXT RLE decoder was also vulnerable to a heap overflow
 vulnerability, where no bounds checking was performed on the result of
 certain RLE decoding operations. This was solved by ensuring the
 number of pixels written did not exceed the size of the scanline
 buffer already prepared. (CVE-2006-3462)
 
 An infinite loop was discovered in EstimateStripByteCounts(), where a
 16bit unsigned short was used to iterate over a 32bit unsigned value,
 should the unsigned int (td_nstrips) have exceeded USHORT_MAX, the
 loop would never terminate and continue forever. (CVE-2006-3463)
 
 Multiple unchecked arithmetic operations were uncovered, including a
 number of the range checking operations deisgned to ensure the offsets
 specified in tiff directories are legitimate. These  can be caused to
 wrap for extreme values, bypassing sanity checks. Additionally, a
 number of codepaths were uncovered where assertions did not hold true,
 resulting in the client application calling abort(). (CVE-2006-3464)
 
 A flaw was also uncovered in libtiffs custom tag support, as
 documented here http://www.libtiff.org/v3.6.0.html. While well formed
 tiff files must have correctly ordered directories, libtiff attempts
 to support broken images that do not. However in certain
 circumstances, creating anonymous fields prior to merging field
 information from codec information can result in recognised fields
 with unexpected values. This state results in abnormal behaviour,
 crashes, or potentially arbitrary code execution. (CVE-2006-3465)
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 c0173eb2f2d497fce68b863a6d01433e  2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
 55369714ae92ea654507f33944285322  2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
 8303a2a5f5b98d0fe984c4f62a8849e7  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
 898dbc11589b623cba53d4e0dea4ec6e  2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.i586.rpm
 1f77f216c421961825035b17e2fc3d0f  2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 67217a6617c35cfa110b9199ce827c7f  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.6.20060mdk.x86_64.rpm
 b5ea6efd7fcb1db40c69457de4d90980  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.6.20060mdk.x86_64.rpm
 673437e87cd25febee28993cd3c9488d  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.6.20060mdk.x86_64.rpm
 c0173eb2f2d497fce68b863a6d01433e  x86_64/2006.0/RPMS/libtiff3-3.6.1-12.6.20060mdk.i586.rpm
 55369714ae92ea654507f33944285322  x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.6.20060mdk.i586.rpm
 8303a2a5f5b98d0fe984c4f62a8849e7  x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.6.20060mdk.i586.rpm
 c3a7a68b6fef5f74240a6f526412d216  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.6.20060mdk.x86_64.rpm
 1f77f216c421961825035b17e2fc3d0f  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.6.20060mdk.src.rpm

 Corporate 3.0:
 7ed65170763bdbb2db2c73a0e6d21dc5  corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
 c4fd193c4ac3c199f98751b615f7f5ad  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.12.C30mdk.i586.rpm
 2d4920c58d576d4174358a62eb533acd  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.12.C30mdk.i586.rpm
 aa07135a25873d7265dfb1a4ac1fd365  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.i586.rpm
 8c70315b6e8fcbfeb56abaf9df8fef52  corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c48326e5749da37145fe7744b2ec7da7  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.12.C30mdk.x86_64.rpm
 d5a2fa2ad3de5d7a77332920eea6ccb2  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.12.C30mdk.x86_64.rpm
 3582b0f21935141f83bb83787ce6537a  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.12.C30mdk.x86_64.rpm
 7ed65170763bdbb2db2c73a0e6d21dc5  x86_64/corporate/3.0/RPMS/libtiff3-3.5.7-11.12.C30mdk.i586.rpm
 b8de80aaa29a62815ef364357c319d95  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.12.C30mdk.x86_64.rpm
 8c70315b6e8fcbfeb56abaf9df8fef52  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.12.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 8cc2951ca065dced86d900d2713f7755  mnf/2.0/RPMS/libtiff3-3.5.7-11.12.M20mdk.i586.rpm
 20c7813342fc7964cfc3f35465232ade  mnf/2.0/SRPMS/libtiff-3.5.7-11.12.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEz4TtmqjQ0CJFipgRAjTYAJ9tZ6Kqz9K0x3vYAWL8PHtli0+rTgCeN5m8
+R9B81Ti9uezqZlT1CNf3o8=
=TKF2
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F48988)

SUSE-SA-2006-044.txt (PacketStormID:F48988)
2006-08-17 00:00:00
 
advisory,remote,code execution
linux,suse
CVE-2006-3459,CVE-2006-3460,CVE-2006-3461,CVE-2006-3462,CVE-2006-3463,CVE-2006-3464,CVE-2006-3465
[点击下载]

SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                libtiff
        Announcement ID:        SUSE-SA:2006:044
        Date:                   Tue, 01 Aug 2006 17:00:00 +0000
        Affected Products:      SLE SDK 10
                                SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SuSE Linux Desktop 1.0
                                SuSE Linux Enterprise Server 8
                                SUSE SLES 10
                                SUSE SLES 9
                                UnitedLinux 1.0
        Vulnerability Type:     possible remote code execution
        Severity (1-10):        8
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-3459, CVE-2006-3460, CVE-2006-3461,
				CVE-2006-3462, CVE-2006-3463, CVE-2006-3464,
				CVE-2006-3465

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             fixed heap- and  integer-overflows
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   This update of libtiff is the result of a source-code audit done by
   Tavis Ormandy, Google Security Team. It fixes various bugs that can
   lead to denial-of-service conditions as well as to remote code execution
   while parsing a tiff image provided by an attacker.

2) Solution or Work-Around

   No work-around known.

3) Special Instructions and Notes

   Please restart all applications using libtiff. Desktop users should logout
   and re-login.
   On server systems you have to restart all server applications manually.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the
   downloaded RPM package.

   
   x86 Platform:
   
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libtiff-3.8.2-5.9.i586.rpm
          cee78f3b8393e87212f6c7eee1f1352f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/libtiff-devel-3.8.2-5.9.i586.rpm
          29374ea1d07be6b3c19828622fc8d85d
   
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libtiff-3.7.3-2.6.i586.rpm
          c48675b2ee56aedbe4d14ae756343883
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/libtiff-devel-3.7.3-2.6.i586.rpm
          a19043509104bbdf56e208c44533fd17
   
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libtiff-3.7.1-7.8.i586.rpm
          a9302f4fcd3b68edcbf6fa65ee8442c3
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/libtiff-devel-3.7.1-7.8.i586.rpm
          12d72bbfb69a3fdb99007570d1e085ad
   
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libtiff-3.6.1-47.12.i586.rpm
          7f20ea84b8c0f57b61d885c45111d6b5
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/libtiff-devel-3.6.1-47.12.i586.rpm
          f36060a6d1979685ee7ca48e7b752a13
   
   Power PC Platform:
   
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libtiff-3.8.2-5.9.ppc.rpm
          854544b32d5b37295c74ccb50117696f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/libtiff-devel-3.8.2-5.9.ppc.rpm
          133cb5b0ca0d416e9680f887c97ad755
   
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libtiff-3.7.3-2.6.ppc.rpm
          99f01efad45f24e8d6d71d267cb8268c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/libtiff-devel-3.7.3-2.6.ppc.rpm
          d7e48acc3fcb3c1ba3f4eb1f10ea1bee
   
   x86-64 Platform:
   
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libtiff-3.8.2-5.9.x86_64.rpm
          1925947454d5a294eea0ae33f84e7a18
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libtiff-32bit-3.8.2-5.9.x86_64.rpm
          d5815aa12ff3a020e9db8217a968d413
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libtiff-devel-3.8.2-5.9.x86_64.rpm
          aef78c4623c541daffd9d7264481028d
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/libtiff-devel-32bit-3.8.2-5.9.x86_64.rpm
          2310393005c3a73e8a07149febf55d0c
   
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libtiff-3.7.3-2.6.x86_64.rpm
          58b69feace7592ebe3d2cfb89145e23f
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libtiff-32bit-3.7.3-2.6.x86_64.rpm
          3eb152a3d6896290bb14ce2e282f7fa4
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libtiff-devel-3.7.3-2.6.x86_64.rpm
          01395b47c733b9e8624b1c16fb7d3da0
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/libtiff-devel-32bit-3.7.3-2.6.x86_64.rpm
          06071d61873c07b51feec446cd708bb8
   
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/libtiff-3.7.1-7.8.x86_64.rpm
          1c210504374ad6344a8a6e4f4d248707
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/libtiff-32bit-9.3-7.3.x86_64.rpm
          86b90ea77293182e332ace686ae7d08e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/libtiff-devel-3.7.1-7.8.x86_64.rpm
          9f87e7aed1c3847bb74795e3f9180354
   
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/libtiff-3.6.1-47.12.x86_64.rpm
          17a80e08f430667462d8c8dbda680671
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/libtiff-32bit-9.2-200607271428.x86_64.rpm
          f11b621445853ca5e01a85dba0e86709
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/libtiff-devel-3.6.1-47.12.x86_64.rpm
          63006aa37717b2e4151847e71e94b9ad
   
   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:
   
   http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/e25437fbc064183ed90d520bb8ab53f2.html
   http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/af67a688fbb2e507784c8a1e9db46ab3.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   Please read the weekly summary report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify <file>

    replacing <file> with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made <DATE> using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

       to verify the signature of the package, replacing <file.rpm> with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum <filename.rpm>

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (FAQ),
    send mail to <suse-security-info@suse.com> or
    <suse-security-faq@suse.com>.

    =====================================================================
    SUSE's security contact is <security@suse.com> or <security@suse.de>.
    The <security@suse.de> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular, the
    clear text signature should show proof of the authenticity of the text.

    SUSE Linux Products GmbH provides no warranties of any kind whatsoever
    with respect to the information contained in this security advisory.

Type Bits/KeyID     Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iQEVAwUBRM+Cx3ey5gA9JdPZAQHZvwgAm1AP+ejYu9zM35NFQXJINtzwNRtu/bzW
SN6repzdnbto7pMf4FewsgHZmTHLJq34httzDG6xRP1dV0ZhRpVNA4kZxMSzmRQW
HbE0NGmpzuatYG2T8gNy8vlVoVAzna/UuiRGAF51ufqrfI5rmIZD288k6E/otlfv
QVLyt9n3c1WIdO/vVoKZG598FrDpOO4y657rllckjSGKKKnop5uTNyYsyOTcxndi
+oTwcbKbXXCvKvTbK5bpQbeRZLJA5F4weZL8UvxvQ8Y97U9ySH8fkHdBLseHs8CG
B6cuYyH5kq76dESgMdxcVQQSoVEnVJGKDH2cjMOa+3M1sBPvgygadQ==
=tl5J
-----END PGP SIGNATURE-----
    

- 漏洞信息

27729
LibTIFF Custom Tag Support Unspecified Issue
Local Access Required, Location Unknown Input Manipulation, Attack Type Unknown
Loss of Integrity
Exploit Unknown

- 漏洞描述

LibTIFF contains an unspecified local overflow related to custom tag support in the TIFF library that may allow an attacker to execute arbitrary code. No further details have been provided.

- 时间线

2006-08-02 Unknow
Unknow 2006-03-23

- 解决方案

It has been reported that this issue has been fixed. Upgrade to version 3.8.2, or higher, to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

LibTIFF Library Anonymous Field Merging Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 19287
Yes No
2006-08-01 12:00:00 2008-08-26 11:25:00
These issues were disclosed by Tavis Ormandy of the Google Security Team.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise SDK 10
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat kernel-BOOT-2.2.12-20.i386.rpm
+ RedHat Linux 6.1
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
RedHat kernel-2.4.7-10.athlon.rpm
RedHat kernel-2.4.21-27
RedHat kernel-2.4.20-8.i686.rpm
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i386.rpm
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
RedHat kernel-2.4.2-2.i586.rpm
RedHat kernel-2.4.2-2.i386.rpm
RedHat kernel-2.4.18-3.i686.rpm
RedHat kernel-2.4.18-3.i386.rpm
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
RedHat kernel-2.4.18-14.i586.rpm
RedHat kernel-2.4.18-14.athlon.rpm
RedHat kernel-2.2.5-15.i686.rpm
RedHat kernel-2.2.5-15.i586.rpm
RedHat kernel-2.2.5-15.i386.rpm
RedHat kernel-2.2.16-22.i686.rpm
RedHat kernel-2.2.16-22.i586.rpm
+ RedHat Linux 7.0
RedHat kernel-2.2.16-22.i386.rpm
RedHat kernel-2.2.14-5.0.i686.rpm
RedHat kernel-2.2.14-5.0.i586.rpm
RedHat kernel-2.2.14-5.0.i386.rpm
RedHat kernel-2.2.12-20.i686.rpm
RedHat kernel-2.2.12-20.i586.rpm
RedHat kernel-2.2.12-20.i386.rpm
RedHat kermit 1.0 -3
RedHat kdepim-devel-3.1-5.i386.rpm
RedHat kdepim-3.1-5.i386.rpm
RedHat kdelibs-sound-devel-2.2.2-8.ia64.rpm
RedHat kdelibs-sound-devel-2.2.2-8.i386.rpm
RedHat kdelibs-sound-devel-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-sound-devel-2.2-11.ia64.rpm
RedHat kdelibs-sound-devel-2.2-11.i386.rpm
RedHat kdelibs-sound-devel-2.1.1-5.i386.rpm delete
RedHat kdelibs-sound-devel-2.1.1-5.i386.rpm
RedHat kdelibs-sound-2.2.2-8.ia64.rpm
+ RedHat Linux 7.2 ia64
RedHat kdelibs-sound-2.2.2-8.i386.rpm
RedHat kdelibs-sound-2.2.2-0.71.3.i386.rpm
+ RedHat Linux 7.1 i386
RedHat kdelibs-sound-2.2-11.ia64.rpm
RedHat kdelibs-sound-2.2-11.i386.rpm
RedHat kdelibs-sound-2.1.1-5.i386.rpm delete
RedHat kdelibs-sound-2.1.1-5.i386.rpm
RedHat kdelibs-devel-3.1.4-4.x86_64.rpm
+ Red Hat Fedora Core2
RedHat kdelibs-devel-3.1-10.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kdelibs-devel-3.0.3-8.i386.rpm
RedHat kdelibs-devel-3.0.0-10.i386.rpm
+ RedHat Linux 7.3 i386
RedHat kdelibs-devel-2.2.2-8.ia64.rpm
RedHat kdelibs-devel-2.2.2-8.i386.rpm
RedHat kdelibs-devel-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-devel-2.2-11.ia64.rpm
RedHat kdelibs-devel-2.2-11.i386.rpm
RedHat kdelibs-devel-2.1.1-5.i386.rpm delete
RedHat kdelibs-devel-2.1.1-5.i386.rpm
RedHat kdelibs-debuginfo-3.2.2-4.x86_64.rpm
+ Red Hat Fedora Core2
RedHat kdelibs-3.1.4-4.x86_64.rpm
RedHat kdelibs-3.1-10.i386.rpm
RedHat kdelibs-3.0.3-8.i386.rpm
RedHat kdelibs-3.0.0-10.i386.rpm
+ RedHat Linux 7.3 i386
RedHat kdelibs-2.2.2-8.ia64.rpm
RedHat kdelibs-2.2.2-8.i386.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.2.2-0.71.3.i386.rpm
RedHat kdelibs-2.2-11.ia64.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.2-11.i386.rpm
+ RedHat Linux 7.2 i386
RedHat kdelibs-2.1.1-5.i386.rpm delete
RedHat kdelibs-2.1.1-5.i386.rpm
RedHat kdebase-devel-3.0.3-13.i386.rpm
+ RedHat Linux 8.0 i386
RedHat kdebase-3.0.3-13.i386.rpm
RedHat joe-2.9.7-4.i386.rpm
RedHat joe-2.8-40.i386.rpm
RedHat joe-2.8-24.i386.rpm
RedHat joe-2.8-22.i386.rpm
RedHat joe-2.8-18.i386.rpm
RedHat joe-2.8-14.i386.rpm
RedHat itcl-3.1.0-53.i386.rpm
RedHat itcl-3.1.0-46.i386.rpm
RedHat iputils-20000418-6.i386.rpm
RedHat iputils-20000121-2.i386.rpm
+ Red Hat Linux 6.2
RedHat iptables-ipv6-1.2.6a-2.i386.rpm
RedHat iptables-ipv6-1.2.5-3.i386.rpm
RedHat iptables-ipv6-1.2.3-1.i386.rpm
RedHat iptables-ipv6-1.2.1a-1.i386.rpm
RedHat iptables-1.2.6a-2.i386.rpm
RedHat iptables-1.2.5-3.i386.rpm
+ RedHat Linux 7.3 i386
RedHat iptables-1.2.3-1.i386.rpm
RedHat iptables-1.2.3-1.i386.rpm
RedHat iproute-debuginfo-2.4.7-11.x86_64.rpm
RedHat iproute-debuginfo-2.4.7-11.i386.rpm
RedHat iproute-2.4.7-11.x86_64.rpm
+ Red Hat Fedora Core1
RedHat iproute-2.4.7-11.i386.rpm
+ Red Hat Fedora Core1
RedHat Interchange 4.8.6
RedHat Interchange 4.8.5
RedHat Interchange 4.8.4
RedHat Interchange 4.8.3
RedHat Interchange 4.8.2
RedHat Interchange 4.8.1
RedHat initscripts 7.93.24
RedHat inetd-0.16-4.i386.rpm
+ Red Hat Linux 6.2
RedHat imap 4.5 -4
RedHat httpd-manual-2.0.40-8.i386.rpm
RedHat httpd-manual-2.0.40-21.i386.rpm
+ RedHat Linux 9.0 i386
RedHat httpd-devel-2.0.40-8.i386.rpm
RedHat httpd-devel-2.0.40-21.i386.rpm
+ RedHat Linux 9.0 i386
RedHat httpd-2.0.40-8.i386.rpm
RedHat httpd-2.0.40-21.i386.rpm
RedHat httpd-2.0.40-21.5.i386.rpm
RedHat hanterm-xf-p19-15.ia64.rpm
RedHat hanterm-xf-p19-15.i386.rpm
RedHat hanterm-xf-p19-15.i386.rpm
RedHat hanterm-xf-2.0.5-5.8.0.i386.rpm
+ RedHat Linux 8.0 i386
RedHat hanterm-xf-2.0.5-5.7.4.ia64.rpm
RedHat hanterm-xf-2.0.5-5.7.4.i386.rpm
RedHat hanterm-xf-2.0.5-5.7.4.i386.rpm
+ RedHat Linux 7.2 i386
RedHat hanterm-xf-2.0.0-6.i386.rpm
RedHat gnupg-1.2.1-3.i386.rpm
RedHat gnupg-1.0.7-6.i386.rpm
RedHat gnupg-1.0.6-5.i386.rpm
RedHat gnupg-1.0.6-3.ia64.rpm
RedHat gnupg-1.0.6-3.i386.rpm
RedHat gnupg-1.0.4-11.i386.rpm
RedHat gnome-core-devel-1.4.0.4-54.i386.rpm
+ RedHat Linux 7.3 i386
RedHat gnome-core-devel-1.0.39-10.i386.rpm
RedHat gnome-core-1.4.0.4-54.i386.rpm
+ RedHat Linux 7.3 i386
RedHat gnome-core-1.0.39-10.i386.rpm
+ RedHat Linux 6.1
RedHat Glint 2.6.3
RedHat Glint 2.6.2
RedHat glibc-utils-2.2.93-5.i386.rpm
RedHat glibc-utils-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-profile-2.2.93-5.i386.rpm
RedHat glibc-profile-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-profile-2.2.4-13.i386.rpm
RedHat glibc-profile-2.2.2-10.i386.rpm
RedHat glibc-profile-2.1.92-14.i386.rpm
RedHat glibc-profile-2.1.3-15.i386.rpm
RedHat glibc-profile-2.1.2-11.i386.rpm
RedHat glibc-profile-2.1.1-6.i386.rpm
RedHat glibc-devel-2.2.93-5.i386.rpm
RedHat glibc-devel-2.2.5-34.i386.rpm
RedHat glibc-devel-2.2.4-13.i386.rpm
RedHat glibc-devel-2.2.2-10.i386.rpm
RedHat glibc-devel-2.1.92-14.i386.rpm
+ RedHat Linux 7.0
RedHat glibc-devel-2.1.3-15.i386.rpm
RedHat glibc-devel-2.1.2-11.i386.rpm
RedHat glibc-devel-2.1.1-6.i386.rpm
+ RedHat Linux 6.0
RedHat glibc-debug-static-2.2.93-5.i386.rpm
RedHat glibc-debug-static-2.2.5-34.i386.rpm
RedHat glibc-debug-2.2.93-5.i686.rpm
RedHat glibc-debug-2.2.93-5.i386.rpm
RedHat glibc-debug-2.2.5-34.i686.rpm
RedHat glibc-debug-2.2.5-34.i386.rpm
RedHat glibc-common-2.2.93-5.i386.rpm
+ RedHat Linux 8.0
RedHat glibc-common-2.2.5-34.i386.rpm
RedHat glibc-common-2.2.4-13.i386.rpm
RedHat glibc-common-2.2.2-10.i386.rpm
RedHat glibc-2.2.93-5.i686.rpm
RedHat glibc-2.2.93-5.i386.rpm
RedHat glibc-2.2.5-34.i686.rpm
RedHat glibc-2.2.5-34.i386.rpm
+ RedHat Linux 7.3
RedHat glibc-2.2.4-13.i686.rpm
+ RedHat Linux 7.2
RedHat glibc-2.2.4-13.i386.rpm
RedHat glibc-2.2.2-10.i686.rpm
RedHat glibc-2.2.2-10.i386.rpm
+ RedHat Linux 7.1
RedHat glibc-2.1.92-14.i686.rpm
RedHat glibc-2.1.92-14.i386.rpm
RedHat glibc-2.1.3-15.i386.rpm
+ Red Hat Linux 6.2
RedHat glibc-2.1.2-11.i386.rpm
RedHat glibc-2.1.1-6.i386.rpm
RedHat gkermit-1.0-9.i386.rpm
RedHat gkermit-1.0-9.i386.rpm
RedHat gftp-2.0.7b-3.i386.rpm
RedHat gftp-2.0.7b-2.i386.rpm
RedHat gftp-2.0.6a-3.i386.rpm
RedHat gftp-2.0.11-2.i386.rpm
RedHat gdm-2.4.1.3-5.i386.rpm
RedHat gdm-2.4.0.7-13.i386.rpm
RedHat gdm-2.2.3.1-22.i386.rpm
RedHat gdm-2.2.3.1-20.ia64.rpm
RedHat gdm-2.2.3.1-20.i386.rpm
RedHat gdm-2.0beta2-45.ppc.rpm
RedHat gdm-2.0beta2-45.ppc.rpm
RedHat gdm-2.0beta2-45.i386.rpm
+ RedHat Linux 7.1 i386
RedHat gdk-pixbuf-gnome-0.18.0-7.i386.rpm
+ RedHat Linux 9.0 i386
RedHat gdk-pixbuf-devel-0.18.0-7.i386.rpm
RedHat gdk-pixbuf-0.18.0-7.i386.rpm
+ RedHat Linux 9.0 i386
RedHat gcc-3.2.2-6.i386.rpm 0
RedHat gcc-3.2.2-5.i386.rpm
RedHat gcc-3.2-7.i386.rpm
+ RedHat Linux 8.0 i386
RedHat Fedora Directory Server 1.0.1
RedHat Fedora Directory Server 1.0
RedHat expect-5.31-53.i386.rpm
RedHat expect-5.31-46.i386.rpm
+ RedHat Linux 7.0
RedHat ethereal-gnome-0.9.8-6.i386.rpm
RedHat ethereal-0.9.8-6.i386.rpm
+ RedHat Linux 9.0 i386
RedHat esound-devel-0.2.14-1.i386.rpm
RedHat esound-0.2.14-1.i386.rpm
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop version 4
RedHat dump-0.4b27-3.i386.rpm
+ RedHat Linux 7.3 i386
RedHat dump 0.4 b15-1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
RedHat docbook-utils 0.6.9 -2
RedHat docbook-utils 0.6 -13
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 noarch
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
RedHat Directory Server 7.1 SP1
RedHat Directory Server 7.1
RedHat dip-3.3.7o-23.i386.rpm
+ RedHat Linux 7.3 i386
RedHat dip-3.3.7o-23.i386.rpm
RedHat dip 3.3.7 o-8
RedHat diffutils-2.7-21.i386.rpm
RedHat diffutils-2.7-17.i386.rpm
RedHat diffutils-2.7-11.i386.rpm
+ RedHat Linux 5.2
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat ddskk-xemacs-11.6.0-8.noarch.rpm
RedHat ddskk-xemacs-11.6.0-6.noarch.rpm
+ RedHat Linux 7.3 i386
RedHat ddskk-xemacs-11.6.0-10.noarch.rpm
RedHat ddskk-11.6.0-8.noarch.rpm
RedHat ddskk-11.6.0-6.noarch.rpm
RedHat ddskk-11.6.0-10.noarch.rpm 0
RedHat ddskk-11.6.0-10.noarch.rpm
+ RedHat Linux 8.0 i386
RedHat ddskk-11.3.20010617-2.noarch.rpm
+ RedHat Linux 7.2 i386
RedHat ddskk-11.3.20010225-5.noarch.rpm
RedHat cvs-1.11.2-10.i386.rpm
+ RedHat Linux 9.0 i386
RedHat cups-libs-1.1.17-13.3.i386.rpm
RedHat cups-libs-1.1.17-0.7.i386.rpm
+ RedHat Linux 8.0 i386
RedHat cups-libs-1.1.14-15.4.i386.rpm
+ RedHat Linux 7.2 i386
RedHat cups-devel-1.1.17-13.3.i386.rpm
+ RedHat Linux 9.0 i386
RedHat cups-devel-1.1.17-0.7.i386.rpm
RedHat cups-devel-1.1.14-15.4.i386.rpm
RedHat cups-1.1.17-13.3.i386.rpm
RedHat cups-1.1.17-0.7.i386.rpm
RedHat cups-1.1.14-15.4.i386.rpm
RedHat Certificate Server 7.1 SP1
RedHat Certificate Server 7.1
RedHat bind-8.2.2_P5-9.i386.rpm
RedHat bind-8.2.2_P5-25.i386.rpm
RedHat bind-8.2.1-7.i386.rpm
RedHat bind-8.2-6.i386.rpm
RedHat bind-8.1.2-5.i386.rpm
RedHat bash-2.05a-13.i386.rpm
RedHat bash-1.14.7-22.i386.rpm
+ Red Hat Linux 6.2
RedHat bash-1.14.7-16.i386.rpm
RedHat bash-1.14.7-13.i386.rpm
+ RedHat Linux 5.2
RedHat arts-2.2.2-8.ia64.rpm
RedHat arts-2.2.2-8.i386.rpm
RedHat arts-2.2.2-0.71.3.i386.rpm
RedHat arts-2.2-11.ia64.rpm
RedHat arts-2.2-11.i386.rpm
RedHat arts-2.1.1-5.i386.rpm delete
RedHat arts-2.1.1-5.i386.rpm
RedHat arts-1.0.0-4.i386.rpm
RedHat arpwatch-2.1a11-7.1.x86_64.rpm
RedHat arpwatch-2.1a11-7.1.i386.rpm
+ Red Hat Fedora Core1
RedHat arpwatch-2.1a11-1.i386.rpm
RedHat Application Server WS 3
RedHat Application Server ES 3
RedHat Application Server AS 3
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
RedHat 7.0 traceroute 1.4 a5
+ RedHat Linux 7.0
Red Hat Fedora Core6
Red Hat Fedora Core5
Red Hat Fedora Core5
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Red Hat Cygwin 1.5.9 -1
Red Hat Cygwin 1.5.8 -1
Red Hat Cygwin 1.5.7 -1
Red Hat Cygwin 1.5.6 -1
Red Hat Cygwin 1.5.5 -1
Red Hat Cygwin 1.5.4 -1
Red Hat Cygwin 1.5.3 -1
Red Hat Cygwin 1.5.2 -1
Red Hat Cygwin 1.5.1 -1
Red Hat Cygwin 1.5 -1
Red Hat 6.2 traceroute 1.4 a5
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.7
Apple iPod Touch 1.1.1
Apple iPod Touch 1.1
Apple iPhone 1.1.1
Apple iPhone 1.0.2
Apple iPhone 1.0.1
Apple iPhone 1

- 漏洞讨论

The libTIFF library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by submitting malformed image files.

When the libTIFF library routines process a malicious TIFF file, this could result in abnormal behavior, cause the application to become unresponsive, or possibly allow malicious code to execute.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

The vendor has released a patch to address this issue.

Please see the referenced advisories for more information.


Red Hat Fedora Core1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站