Message-ID: <44522926.7050400@FreeBSD.org>
Date: Fri, 28 Apr 2006 11:39:34 -0300
From: Marcus Alves Grando
To: freebsd-emulation@FreeBSD.org
Subject: [Fwd: [SA19838] LibTIFF Multiple Vulnerabilities]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can someone update graphics/linux-tiff to fix this issue?

Thanks

- -------- Original Message --------
Subject: [SA19838] LibTIFF Multiple Vulnerabilities
Date: 28 Apr 2006 09:33:52 -0000
From: Secunia Security Advisories
To: marcus@corp.grupos.com.br

TITLE:
LibTIFF Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA19838

VERIFY ADVISORY:
http://secunia.com/advisories/19838/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
- From remote

SOFTWARE:
LibTIFF 3.x
http://secunia.com/product/4053/

DESCRIPTION:
Tavis Ormandy has reported some vulnerabilities in LibTIFF, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.

1) Several unspecified errors in the "TIFFFetchAnyArray()" function
and in the cleanup functions can be exploited to crash an application
linked against LibTIFF when a specially crafted TIFF image is
processed.

2) An integer overflow error in the "TIFFFetchData()" function in
tif_dirread.c can be exploited to crash an application linked against
LibTIFF and may allow arbitrary code execution when a specially
crafted TIFF image is processed.

3) A double free error in tif_jpeg.c within the setfield/getfield
methods in the cleanup functions can be exploited to crash an
application linked against LibTIFF and may allow arbitrary code
execution when a specially crafted TIFF image is processed.

The vulnerabilities have been reported in version 3.8.0. Prior
versions may also be affected.

SOLUTION:
Update to version 3.8.1 or later.
http://www.remotesensing.org/libtiff/

PROVIDED AND/OR DISCOVERED BY:
Tavis Ormandy

ORIGINAL ADVISORY:
http://www.remotesensing.org/libtiff/v3.8.1.html
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

- ----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

- ----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=marcus%40corp.grupos.com.br

- ----------------------------------------------------------------------

- --
Marcus Alves Grando
FreeBSD Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEUikli+5fOs3MJz8RAsNfAJ4uUn8CCjpAVTeBPUTbqKf4HfqumgCfXZd+
EsvaV6xjmgla8V9bvO4r2ks=
=KkmQ
-----END PGP SIGNATURE-----
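
Item 2 of the advisory names an integer overflow in TIFFFetchData() without further detail. As an added illustration (not LibTIFF code and not part of the original message), the sketch below shows the general defensive pattern for that bug class when sizing a TIFF directory entry's data: an overflow-checked count times element-width multiplication, followed by a bounds check against the file length. The struct, the function names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical directory entry, modelled on the classic TIFF IFD layout. */
struct dir_entry {
    uint16_t tag;
    uint16_t type;    /* TIFF field type, 1..12 */
    uint32_t count;   /* number of values, taken from the file */
    uint32_t offset;  /* file offset of the values, taken from the file */
};

/* Byte width of each classic TIFF field type; 0 marks an unknown type. */
static size_t type_width(uint16_t type)
{
    static const size_t w[] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };
    return type < sizeof w / sizeof w[0] ? w[type] : 0;
}

/* Compute the byte size of an entry's data and confirm it lies inside the
 * file. Returns 0 and stores the size in *out, or -1 if the entry is rejected. */
int entry_data_size(const struct dir_entry *e, uint64_t file_len, uint32_t *out)
{
    size_t w = type_width(e->type);
    if (w == 0 || e->count == 0)
        return -1;                       /* unknown type or empty entry */
    if (e->count > UINT32_MAX / w)
        return -1;                       /* count * w would wrap in 32 bits */
    uint32_t size = e->count * (uint32_t)w;
    if ((uint64_t)e->offset + size > file_len)
        return -1;                       /* data would run past end of file */
    *out = size;
    return 0;
}

int main(void)
{
    /* Constructed sample entries, not taken from any real file. */
    struct dir_entry ok  = { 256, 4, 16, 64 };           /* 16 LONGs = 64 bytes */
    struct dir_entry bad = { 256, 4, 0x40000001u, 64 };  /* would wrap to 4 bytes */
    uint32_t n = 0;
    printf("ok:  %d\n", entry_data_size(&ok, 4096, &n));
    printf("bad: %d\n", entry_data_size(&bad, 4096, &n));
    return 0;
}
```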