Login
Newsletter
Werbung

Sicherheit: Denial of Service in libtiff
Aktuelle Meldungen Distributionen
Name: Denial of Service in libtiff
ID: TLSA-2005-89
Distribution: TurboLinux
Plattformen: Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Datum: Di, 6. September 2005, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2452
Applikationen: libtiff

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2005-89
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 05 Sep 2005
Last revised: 05 Sep 2005

Package: libtiff

Summary: libtiff crash

More information:
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
The vulnerability in the manner in which libtiff handle a TIFF image header
with a zero "YCbCr subsampling" value.

Impact:
The libtiff allows remote attackers to cause a denial of service
(application crash)
via a TIFF image header with a zero "YCbCr subsampling" value.

Affected Products:
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation

Solution:
Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u libtiff libtiff-devel

[other]
# turbopkg
or
# zabom update libtiff libtiff-devel
---------------------------------------------


<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

libtiff-3.5.7-9.src.rpm
974329 716c62f8ee32410826760de977702aed

Binary Packages
Size: MD5

libtiff-3.5.7-9.i586.rpm
316938 1cbbd8798b8862c891e8b56ba5dc74e9

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

libtiff-3.5.7-9.src.rpm
974329 bc3c7fdbd294d3dd820754cbfa65a3e0

Binary Packages
Size: MD5

libtiff-3.5.7-9.i586.rpm
317083 f78bbe59828e07dda0b1a8045da33cf7
libtiff-devel-3.5.7-9.i586.rpm
596043 cee24e67ad70e28b9c94fed29785e1e0

<Turbolinux 10 Server>

Source Packages
Size: MD5

libtiff-3.6.1-6.src.rpm
1094911 2b1848890ef6d8001add75bfaf014699

Binary Packages
Size: MD5

libtiff-3.6.1-6.i586.rpm
232954 e4d30e3fc3fd4eec4132356f2661542c
libtiff-debug-3.6.1-6.i586.rpm
256635 1f99ed0e81ad961077b3eb3872bd721b
libtiff-devel-3.6.1-6.i586.rpm
509801 517a91468797534b98f9e5b7ae98a87c

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

libtiff-3.5.7-9.src.rpm
974329 1af536ee9d0704eef8c61c151c5c5aeb

Binary Packages
Size: MD5

libtiff-3.5.7-9.i586.rpm
223065 41300932e1b8a51835a487a911a7f601
libtiff-devel-3.5.7-9.i586.rpm
470626 5bbeeb31a7c7c1aa58ae36dc3856810b

<Turbolinux 8 Server>

Source Packages
Size: MD5

libtiff-3.5.7-9.src.rpm
974329 54747c18e16c67aca67442eb35251e2a

Binary Packages
Size: MD5

libtiff-3.5.7-9.i586.rpm
317146 39aab2b70951487cbffa51053bc4a03e
libtiff-devel-3.5.7-9.i586.rpm
595871 9acd20b145a134d2b09df3b1d88a638a

<Turbolinux 8 Workstation>

Source Packages
Size: MD5

libtiff-3.5.5-9.src.rpm
920201 59a9d7ea3c10898bd0e87f5d9b926904

Binary Packages
Size: MD5

libtiff-3.5.5-9.i586.rpm
739440 3242324bed80771cfcd4b78bb3db500b
libtiff-devel-3.5.5-9.i586.rpm
632716 e3d3d0b9c2dbea2de612ac13f4eb5fd7

<Turbolinux 7 Server>

Source Packages
Size: MD5

libtiff-3.5.5-9.src.rpm
920201 e23f38c9efbde538305abd2f6ac9574b

Binary Packages
Size: MD5

libtiff-3.5.5-9.i586.rpm
704071 7e46bee4a6d6387621c1a2a3e60966e0
libtiff-devel-3.5.5-9.i586.rpm
622416 680c24ba4c5f8b1aed78109e2bea19b6

<Turbolinux 7 Workstation>

Source Packages
Size: MD5

libtiff-3.5.5-9.src.rpm
920201 0d5ff757a07d7ce515232c428b7910fc

Binary Packages
Size: MD5

libtiff-3.5.5-9.i586.rpm
704169 4f6c73d033f797fa25869ce8789faa22
libtiff-devel-3.5.5-9.i586.rpm
622233 86e6cd0fe01634d683c8f54899c3884a


References:

CVE
[CAN-2005-2452]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452

--------------------------------------------------------------------------
Revision History
05 Sep 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHB9jK0LzjOqIJMwRAiaEAKCEqzzshNhw9WLOHKkW3qg7C0b0UACeJkro
SUQ2uAxYxQHYMyM6RZWu43k=
=TSXG
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung