Date: Sat, 26 Feb 2005 22:48:08 +1030
From: Ian Moore <no-spam@swiftdsl.com.au>
To: Alexander Leidinger <Alexander@leidinger.net>
Cc: freebsd-emulation@freebsd.org
Subject: Re: linux-tiff port update
Message-ID: <200502262248.16121.no-spam@swiftdsl.com.au>
In-Reply-To: <20050226124625.5a336b16@Magellan.Leidinger.net>
References: <200502191157.06108.no-spam@swiftdsl.com.au> <20050226124625.5a336b16@Magellan.Leidinger.net>

On Sat, 26 Feb 2005 22:16, Alexander Leidinger wrote:
> On Sat, 19 Feb 2005 11:56:59 +1030
>
> Ian Moore <no-spam@swiftdsl.com.au> wrote:
> > Hi,
> > The linux-tiff port seems to have a security vulnerability for quite some
> > time now. Is a new version due sometime soon, or has it perhaps been made
>
> Can you point me please to the vulnerabilities (and perhaps newer RPMs)?
>
> I've just looked for a new update at the suse ftp site, but can't find a
> newer version.
>
> Bye,
> Alexander.

The vulnerabilities for 3.5.5_2 are:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- divide-by-zero denial-of-service.
Reference:
<http://www.FreeBSD.org/ports/portaudit/b58ff497-6977-11d9-ae49-000c41e2cdad.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- multiple integer overflows.
Reference:
<http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- RLE decoder heap overflows.
Reference:
<http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

For 3.6.1_1 (the current port):

===> linux-tiff-3.6.1_1 has known vulnerabilities:
=> tiff -- tiffdump integer overflow vulnerability.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>
=> tiff -- directory entry count integer overflow vulnerability.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>
=> tiff -- multiple integer overflows.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>
=> tiff -- RLE decoder heap overflows.
   Reference:
<http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

Cheers,
-- 
Ian
GPG Key: http://home.swiftdsl.com.au/~imoore/no-spam.asc