From: Ian Moore
To: Alexander Leidinger
cc: freebsd-emulation@freebsd.org
Date: Sat, 26 Feb 2005 22:48:08 +1030
Subject: Re: linux-tiff port update

On Sat, 26 Feb 2005 22:16, Alexander Leidinger wrote:
> On Sat, 19 Feb 2005 11:56:59 +1030
>
> Ian Moore wrote:
> > Hi,
> > The linux-tiff port seems to have a security vulnerability for quite some
> > time now. Is a new version due sometime soon, or has it perhaps been made
>
> Can you point me please to the vulnerabilities (and perhaps newer RPMs)?
>
> I've just looked for a new update at the suse ftp site, but can't find a
> newer version.
>
> Bye,
> Alexander.

The vulnerabilities for 3.5.5_2 are:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- divide-by-zero denial-of-service.
Reference:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- multiple integer overflows.
Reference:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- RLE decoder heap overflows.
Reference:

For 3.6.1_1 (the current port):

===> linux-tiff-3.6.1_1 has known vulnerabilities:
=> tiff -- tiffdump integer overflow vulnerability.
   Reference:
=> tiff -- directory entry count integer overflow vulnerability.
   Reference:
=> tiff -- multiple integer overflows.
   Reference:
=> tiff -- RLE decoder heap overflows.
   Reference:

Cheers,
-- 
Ian
GPG Key: http://home.swiftdsl.com.au/~imoore/no-spam.asc