[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution
Date: Tue, 9 May 2006 13:25:22 +0200 (CEST)
From: [email protected] (Martin Schulze)
Subject: [SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution
Priority: urgent
Resent-Message-ID: <BRIHMD.A.iWH.pxHYEB@murphy.>
Reply-To: [email protected]
Mail-Followup-To: [email protected]
To: [email protected]
Resent-Date: Tue, 9 May 2006 06:26:33 -0500 (CDT)
Resent-From: [email protected] (Mailing List Manager)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1054-1 [email protected]
http://www.debian.org/security/ Martin Schulze
May 9th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026
BugTraq IDs : 17730 17732 17733
Tavis Ormandy discovered several vulnerabilities in the TIFF library
that can lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2006-2024
Multiple vulnerabilities allow attackers to cause a denial of
service.
CVE-2006-2025
An integer overflows allows attackers to cause a denial of service
and possibly execute arbitrary code.
CVE-2006-2026
A double-free vulnerability allows attackers to cause a denial of
service and possibly execute arbitrary code.
For the old stable distribution (woody) these problems have been fixed
in version 3.5.5-7woody1.
For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-3sarge1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your libtiff packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc
Size/MD5 checksum: 637 cf22045e1a49b2742c91b7f0a905adeb
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz
Size/MD5 checksum: 38424 d087fb3914b10aef86959b9ed52ec955
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb
Size/MD5 checksum: 141492 484fe914264072028ef4b02b97300ea8
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb
Size/MD5 checksum: 106130 65673af7006686eb2718f45abfb39130
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb
Size/MD5 checksum: 423888 2bc86fdbf9c751ac7173889e53d6ddcc
ARM architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb
Size/MD5 checksum: 117008 1f272257c4987092ff80563840acd4e3
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb
Size/MD5 checksum: 91560 e84fa486a3f25e69d7d6b093a8d890e4
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb
Size/MD5 checksum: 404854 b709c95f40e52e4e1003dbf6e5c768f7
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb
Size/MD5 checksum: 112074 0f9fb0719cb1ed7b5954b8c70d9c9049
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb
Size/MD5 checksum: 82018 c8f11403adfa3ec5695d5468f56401b2
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb
Size/MD5 checksum: 387406 1c2350b56c49cde7b899d6e8261397ec
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb
Size/MD5 checksum: 158788 883e3b5861f0f3610e6d1005ca760d3d
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb
Size/MD5 checksum: 136620 846e662216862a10e53e282a316400a6
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb
Size/MD5 checksum: 447038 73838b902a9dd1bb26146a397eb692db
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb
Size/MD5 checksum: 128282 eea419b6a514c4971d8cce8afe701b6e
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb
Size/MD5 checksum: 107664 b71f9194d14e10758a13259654fcc410
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb
Size/MD5 checksum: 420756 235956ededa69f803954040c8be01033
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_m68k.deb
Size/MD5 checksum: 107256 9d10fc534cf1bf95c16dd5db5373334c
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_m68k.deb
Size/MD5 checksum: 80700 9a1986ea34f0b86b3bfb5255315528d5
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_m68k.deb
Size/MD5 checksum: 380346 7ec9a504a5c39a3d2e2bddec81be6bc6
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mips.deb
Size/MD5 checksum: 124018 a4f309ec307e0b965578ed940d4a0ea9
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mips.deb
Size/MD5 checksum: 88772 1923797ce7bcc87a5717e9916314ba06
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mips.deb
Size/MD5 checksum: 411214 f27e5579da8ca6a547286e5e7585cb86
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mipsel.deb
Size/MD5 checksum: 123542 ea78a9c8d14ff4627b7f01846334789b
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mipsel.deb
Size/MD5 checksum: 89078 6cb7602c3c14127a9df23b4b250a90cf
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mipsel.deb
Size/MD5 checksum: 411310 b2b76ce9f914e4f8b27f4587a0777ccc
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_powerpc.deb
Size/MD5 checksum: 116098 3b39efd8b84ee2e30c9f5bae6e71733b
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_powerpc.deb
Size/MD5 checksum: 90574 b0d0cff70a07f0257ec0ebeb58e34d37
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_powerpc.deb
Size/MD5 checksum: 403134 b56fb0d12f26942ab109256bcf2b6c5f
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_s390.deb
Size/MD5 checksum: 116916 e2bf80099e059ded08e58da8cecf296f
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_s390.deb
Size/MD5 checksum: 92756 e2fedfbfd543ffdbcfbe670b63f6a7bc
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_s390.deb
Size/MD5 checksum: 395662 0648812bd3022237c75085deba6524c3
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_sparc.deb
Size/MD5 checksum: 132898 427a7a7666e5d5099368fc8290652e9a
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_sparc.deb
Size/MD5 checksum: 89748 1d42ae0eb84771f168696e118762a5c9
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_sparc.deb
Size/MD5 checksum: 397464 380f640a527e6a2cc659bd191f168631
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.dsc
Size/MD5 checksum: 750 5292d79663e45dc1a815fdf4fbced88f
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz
Size/MD5 checksum: 10929 0dc2c9b82a80b9aa72844089feeaf5b2
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00
Alpha architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_alpha.deb
Size/MD5 checksum: 46780 32137fed99cfe1e4abf975b76e53e534
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_alpha.deb
Size/MD5 checksum: 243516 cebb5556cac9f8a2989ce719175510de
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_alpha.deb
Size/MD5 checksum: 478224 075e9d2d41cecc0a12099004e2a3f5e5
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_alpha.deb
Size/MD5 checksum: 309642 b21266c7e4769ff718441113d6f06776
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_alpha.deb
Size/MD5 checksum: 40902 1300556889de2ca4a1db5fa67faf521d
AMD64 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_amd64.deb
Size/MD5 checksum: 45708 aa3ec93031ee68464e1d179fa93a996d
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_amd64.deb
Size/MD5 checksum: 217720 95fba37c5822a8a76b049ff7c8f0e3e3
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_amd64.deb
Size/MD5 checksum: 459198 f73e3337905b20f021f21430e5d1cd6a
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_amd64.deb
Size/MD5 checksum: 266792 1d05b2504f1024b4ea1e42b939dd23d3
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_amd64.deb
Size/MD5 checksum: 40466 e99bcfb2c1c196a3a5883645e0e87f59
ARM architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_arm.deb
Size/MD5 checksum: 45226 493405e066e7e4e34382785c61ed63aa
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_arm.deb
Size/MD5 checksum: 208348 cebc75bc41462e3bbec3bb680782f2ae
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_arm.deb
Size/MD5 checksum: 453422 17e77299f3cfed68c18d45e49bfb0cdc
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_arm.deb
Size/MD5 checksum: 265098 a7fe69596d51036b8bc1aca3ddb4ffce
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_arm.deb
Size/MD5 checksum: 39974 0bcc5bbbca1a4a5e68c4915e71aa5264
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
Size/MD5 checksum: 45070 6d615bf5aabdb87e53b392e56d67a31c
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_i386.deb
Size/MD5 checksum: 206070 d243294914c50dd2184459ac4056d4da
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_i386.deb
Size/MD5 checksum: 452436 aaa4c81b1731ea3b936cef591ae0094d
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_i386.deb
Size/MD5 checksum: 251548 c769d9abda84f2581a0918d8d0e14ad6
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_i386.deb
Size/MD5 checksum: 40518 1d1983f8b8d910d829024f0e68c3f430
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_ia64.deb
Size/MD5 checksum: 48174 95f9a574537c9e4749b61d36ba7f0c4b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_ia64.deb
Size/MD5 checksum: 268840 e7ada3b6f4dede0cc615f2e357c7f1b6
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_ia64.deb
Size/MD5 checksum: 510948 baa9e6bb3e5b47c20f12648c683ad650
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_ia64.deb
Size/MD5 checksum: 330612 7e23b99dfd8e7611ce90eec63ee7f298
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_ia64.deb
Size/MD5 checksum: 42102 4398a87b268ef69b54adac33e616252e
HP Precision architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_hppa.deb
Size/MD5 checksum: 46506 626e3e1f6704a8f1660c079c15c55f5d
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_hppa.deb
Size/MD5 checksum: 230020 a7a58223d62a7929b7810628efaf7ec4
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_hppa.deb
Size/MD5 checksum: 472842 c051e1c0b5853f695c193ac6e45996ff
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_hppa.deb
Size/MD5 checksum: 281488 ac8dff3f4c0e06f9634871431da84272
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_hppa.deb
Size/MD5 checksum: 41158 58bbe3291069c661e9ec2206ea15b787
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_m68k.deb
Size/MD5 checksum: 45082 5b41876dbeb2620959880fe2255151c3
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_m68k.deb
Size/MD5 checksum: 193346 d19e70706a4f421421360dcbf50f79bc
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_m68k.deb
Size/MD5 checksum: 442584 feb24367354884bfbcb260fc81308192
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_m68k.deb
Size/MD5 checksum: 234324 e15dd919316bb5a1392b2c8a1c1d230a
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_m68k.deb
Size/MD5 checksum: 40108 0c96a6175862ef00c892752b91f4558f
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mips.deb
Size/MD5 checksum: 45966 01b790d715989a69e712102d7f75bb9b
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mips.deb
Size/MD5 checksum: 252098 703f77c67402e375af6042803c0a853c
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mips.deb
Size/MD5 checksum: 458446 39e019da604ea401404262d1148e67e2
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mips.deb
Size/MD5 checksum: 280364 e69fd2380a2aac192e81f548461586db
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mips.deb
Size/MD5 checksum: 40746 ecc9da81ea37deff720a8a1f4b146680
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mipsel.deb
Size/MD5 checksum: 45924 2cf8e9413e317a7ca6db5a25115e3198
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mipsel.deb
Size/MD5 checksum: 252556 c0bc05bdc88e29e400bc011457b8e80c
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mipsel.deb
Size/MD5 checksum: 458864 8c07f54637d99e347f3a87fd2e40ef21
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mipsel.deb
Size/MD5 checksum: 280238 94681c55971b4fe94869ad558e625139
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mipsel.deb
Size/MD5 checksum: 40730 9482ea1a711ff8cec430b1c909c2dc58
PowerPC architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_powerpc.deb
Size/MD5 checksum: 47144 96335b6a94658bb97852948f6abd538a
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_powerpc.deb
Size/MD5 checksum: 235298 d77e58b3988c957830e076beefba79ec
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_powerpc.deb
Size/MD5 checksum: 460428 2185eb42d4629fd7615c6d267a8d3f64
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_powerpc.deb
Size/MD5 checksum: 271916 4eb6af54a34a4441819248611e2b2ed3
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_powerpc.deb
Size/MD5 checksum: 42316 5d14ce57ad1b666dbe99301221623d9c
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_s390.deb
Size/MD5 checksum: 46096 c275b88c86572311c723910cf626305e
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_s390.deb
Size/MD5 checksum: 213682 96082e599832fb8d0a7e9df202ee411b
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_s390.deb
Size/MD5 checksum: 465848 c90098e745601ac1409d18144a55d32f
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_s390.deb
Size/MD5 checksum: 266562 b378324e62843c012a0bf64a24da00d5
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_s390.deb
Size/MD5 checksum: 40742 eeabd51cc38bb74ede6c5b0c9c7dca78
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_sparc.deb
Size/MD5 checksum: 45394 3bcb5ac9c212b0aace2c71b8812d5e52
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_sparc.deb
Size/MD5 checksum: 205236 58f316a2cc2041988b64551a70b45cef
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_sparc.deb
Size/MD5 checksum: 454594 01c1d5c7d7ee0fa4729a1bfa83fd9273
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_sparc.deb
Size/MD5 checksum: 257742 b8af195da2e880cbae59826bf84b8d32
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_sparc.deb
Size/MD5 checksum: 40470 02164452e05683ad474441be7beadb37
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEYHwhW5ql+IAeqTIRAlqEAJ44sh0nDlwv3udX8lDFsSlaxPl4zgCeIlA+
X6GeKPzGGps9iWfbU2hx414=
=MsHz
-----END PGP SIGNATURE-----