-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1091-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze June 8th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------
Package : tiff Vulnerability : buffer overflows Problem type : none or remote Debian-specific: no CVE ID : CVE-2006-2656 CVE-2006-2193 Debian Bug : 369819 Several problems have been discovered in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-2193 SuSE discovered a buffer overflow in the conversion of TIFF files into PDF documents which could be exploited when tiff2pdf is used e.g. in a printer filter. CVE-2006-2656 The tiffsplit command from the TIFF library contains a buffer overflow in the commandline handling which could be exploited when the program is executed automatically on unknown filenames. For the old stable distribution (woody) this problem has been fixed in version 3.5.5-7woody2. For the stable distribution (sarge) this problem has been fixed in version 3.7.2-5. For the unstable distribution (sid) this problem has been fixed in version 3.8.2-4. We recommend that you upgrade your tiff packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.dsc Size/MD5 checksum: 635 63c05c844a00a57f87f1804dc668ccbf http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.diff.gz Size/MD5 checksum: 38682 5905ba8ea39b409b4aa2893b697f35bc http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz Size/MD5 checksum: 693641 3b7199ba793dec6ca88f38bb0c8cc4d8 Alpha architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_alpha.deb Size/MD5 checksum: 141478 2e995b46f312ecf35858f06e50c2ae2e http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_alpha.deb Size/MD5 checksum: 106182 c383b1a1f292525e60efa68750bda5ae http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_alpha.deb Size/MD5 checksum: 423868 da0015dd297de4f4128488fca92c3a88 ARM architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_arm.deb Size/MD5 checksum: 117012 fe039271e5e9a94f56a2ca4c8a38a373 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_arm.deb Size/MD5 checksum: 91610 d52006c179bfc3a13a779dfab1afa8fd http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_arm.deb Size/MD5 checksum: 404850 69dd0252a4e15f0bc84ddb0d53ce5c96 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_i386.deb Size/MD5 checksum: 112058 cc978252d32d2e853ed08a655940b15b http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_i386.deb Size/MD5 checksum: 82070 22733411e25f7fac444f148dcfb685a7 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_i386.deb Size/MD5 checksum: 387442 dc8f36b0bfed0cc69d53c14f6b6e2fd4 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_ia64.deb Size/MD5 checksum: 158834 dda97df687d64fef045e7dd425a9b01e http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_ia64.deb Size/MD5 checksum: 136678 e43c8ca8bcbdb54d09cee79f7c2f5665 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_ia64.deb Size/MD5 checksum: 447048 100db6566cc42766d93fd67913834096 HP Precision architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_hppa.deb Size/MD5 checksum: 128284 43c94055d54efb3d3d0708f527617ca8 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_hppa.deb Size/MD5 checksum: 107708 089f41dfe3629250ddc02cbe1c76c649 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_hppa.deb Size/MD5 checksum: 420730 018d785c7890016dfab3cba41e949dc5 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_m68k.deb Size/MD5 checksum: 107282 1719b7463ef81d07075c39453f793080 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_m68k.deb Size/MD5 checksum: 80748 2020a4999f141c2b5ba47090c551de36 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_m68k.deb Size/MD5 checksum: 380718 d75aa876cef53d488178caae1dc160f2 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mips.deb Size/MD5 checksum: 124022 7deeb5d1d0b5eb2c536143949e507fb0 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mips.deb Size/MD5 checksum: 88820 ef4eed05b2bb2f853c74997141bab9e6 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mips.deb Size/MD5 checksum: 411210 d9a0dd8ae266524ff80efcd88e74365a Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mipsel.deb Size/MD5 checksum: 123536 88738fa15be0cb199c006503a12e13df http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mipsel.deb Size/MD5 checksum: 89122 beaf555e5d72f290852777b750a676cc http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mipsel.deb Size/MD5 checksum: 411326 61a6b79d2fd527d1c3fcd41eac1bd408 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_powerpc.deb Size/MD5 checksum: 116102 5bb725af64e1f4c2d4a9bc90ab2cc8e0 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_powerpc.deb Size/MD5 checksum: 90618 2e4cfb7cd4e2dee6418fa7f88f01c68f http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_powerpc.deb Size/MD5 checksum: 403142 39f179238a6d70f1a755c7a7751c6b1d IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_s390.deb Size/MD5 checksum: 116912 a4c1ef170588a8be47985338e6f99074 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_s390.deb Size/MD5 checksum: 92814 c33810f1cae1535ceb0d2f06a2cc4875 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_s390.deb Size/MD5 checksum: 395670 0925a01ed6e686c24aecba121ee12a7f Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_sparc.deb Size/MD5 checksum: 132896 653921fed0879588e859ec05555d25ad http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_sparc.deb Size/MD5 checksum: 89798 7097a2950a1a40f46c91cccd97e9fef3 http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_sparc.deb Size/MD5 checksum: 397444 82752cc23951fc4e26838a704fd18561 Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.dsc Size/MD5 checksum: 736 a818c1d8f13bba145e33b79f5b476707 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.diff.gz Size/MD5 checksum: 11836 91da082b84456d159fcea664b99012d2 http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz Size/MD5 checksum: 1252995 221679f6d5c15670b3c242cbfff79a00 Alpha architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_alpha.deb Size/MD5 checksum: 46922 0c35a8df000764e528ae384ac325b8ad http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_alpha.deb Size/MD5 checksum: 243676 b8745078cb5af1773f1b28e97a787343 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_alpha.deb Size/MD5 checksum: 478368 6aa0652b69c62bfc7e51c6781d06fa19 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_alpha.deb Size/MD5 checksum: 309918 adb7022423ccd165188e8071e19cc442 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_alpha.deb Size/MD5 checksum: 41048 72d163b97923c66a8b632e1907bc0865 AMD64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_amd64.deb Size/MD5 checksum: 45848 f79893646f9c74fdef624f949fea88ad http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_amd64.deb Size/MD5 checksum: 217914 b4abe50b4c24e899cbb961612ff3bdb2 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_amd64.deb Size/MD5 checksum: 459378 d01fdb8c0c066e5e4503b006b696658d http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_amd64.deb Size/MD5 checksum: 266960 a13564cc4b1ab7cfe8e956a556c8ee25 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_amd64.deb Size/MD5 checksum: 40618 9114caa1d68c7197f9fa24c1747cd99d ARM architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_arm.deb Size/MD5 checksum: 45362 fce43634a68f4a8867764f9b8649f07a http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_arm.deb Size/MD5 checksum: 208490 64553848b27faef1fc6072623904db18 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_arm.deb Size/MD5 checksum: 453542 16cde56a8e4d74ff39fec6f1cc664171 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_arm.deb Size/MD5 checksum: 265224 c1e43bfa93d33ea20c970485c2559ec1 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_arm.deb Size/MD5 checksum: 40112 835f54888f47687d80bd283956b6a433 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_i386.deb Size/MD5 checksum: 45226 fb6a72018e538b9c01be4f1d7b83f5ee http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_i386.deb Size/MD5 checksum: 206256 bc2113c8fa422bfa43770aff225ef6a2 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_i386.deb Size/MD5 checksum: 452596 ecd7de1fd8b95c90a20e8418781c129b http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_i386.deb Size/MD5 checksum: 251726 5d7ab853c833dbf09fecb7da82a90f1d http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_i386.deb Size/MD5 checksum: 40666 94f82a8a5aa26e51e6cb5d8dd2b2d6d7 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_ia64.deb Size/MD5 checksum: 48314 eced941bad1e44163b1732e7d140e47f http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_ia64.deb Size/MD5 checksum: 268978 791e5bdfdc7ffc390156b80715c76511 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_ia64.deb Size/MD5 checksum: 511152 6c74c5b71ae314d7332e5c717edb4a0b http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_ia64.deb Size/MD5 checksum: 330884 e73f9cd34760e6e90705a22a082e701b http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_ia64.deb Size/MD5 checksum: 42252 6b66dd7679be12ffe5927e6fb4fea6df HP Precision architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_hppa.deb Size/MD5 checksum: 46654 d8f619cfa26dde8579513f6d0b81a0f1 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_hppa.deb Size/MD5 checksum: 230166 1321bf6e1d105ddd339b7e5557aa5719 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_hppa.deb Size/MD5 checksum: 473080 ab55bbf0033b1b650ee927d21ce9c738 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_hppa.deb Size/MD5 checksum: 281620 93cf9c2dfa23e2c20e8795dd62dfc1ff http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_hppa.deb Size/MD5 checksum: 41294 6ff9f727d5da771f334f75d58e118bfe Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_m68k.deb Size/MD5 checksum: 45238 4020963162aeba32e183855003f5282c http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_m68k.deb Size/MD5 checksum: 193466 dd132dae95518b681b29f18dc72b5126 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_m68k.deb Size/MD5 checksum: 442750 64ec9d1c9e3cc0bcf916b685437af60d http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_m68k.deb Size/MD5 checksum: 234514 7a50d86d056760ff37bbd585b136df14 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_m68k.deb Size/MD5 checksum: 40270 491986255b51eaccb5ddcece25ecc732 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mips.deb Size/MD5 checksum: 46118 2a6f6b1f5e1557c3ef4297ee0eabc985 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mips.deb Size/MD5 checksum: 252258 a21f9c0fc9c53b13b14efd641a3cb8ae http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mips.deb Size/MD5 checksum: 458604 30db35156ea16a19a75edfb35ad2a14d http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mips.deb Size/MD5 checksum: 280506 53f30322a6fc900b4f0ebc5f3d492676 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mips.deb Size/MD5 checksum: 40894 170ea7645a3c5543cc5caae43ad5c0a6 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mipsel.deb Size/MD5 checksum: 46080 43c5a8ea470cb03a0d2ef8b9933c7857 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mipsel.deb Size/MD5 checksum: 252690 857f1625966dbc12f508700a471ac831 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mipsel.deb Size/MD5 checksum: 458972 6f4c7d7ffe16f8c99ab81924da944985 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mipsel.deb Size/MD5 checksum: 280370 cd2a531fa482b3e48c539e2dd3561494 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mipsel.deb Size/MD5 checksum: 40880 a81fef82f1d0a9d7d1001e7a325fee30 PowerPC architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_powerpc.deb Size/MD5 checksum: 47288 24f1d1ac568afd55118a1fc57f903394 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_powerpc.deb Size/MD5 checksum: 235464 69addcbeaeeba30abe98dcb1efc1a285 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_powerpc.deb Size/MD5 checksum: 460614 651e56b2fd88160d3a43b92aba8875eb http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_powerpc.deb Size/MD5 checksum: 272120 17b13db9ffe5f47941db64522210a26e http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_powerpc.deb Size/MD5 checksum: 42466 eaa2cce3db4913037c21d73e59cfed63 IBM S/390 architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_s390.deb Size/MD5 checksum: 46240 826c2293b0729b990ee4e78f5d44d5c4 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_s390.deb Size/MD5 checksum: 213880 b4caf3c3eec6f7261af4eaff0f764bbf http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_s390.deb Size/MD5 checksum: 466012 2371e8d875c366fe532d447f9e4d185a http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_s390.deb Size/MD5 checksum: 266758 7b6b6981382dccaede04ffef2f5cfea1 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_s390.deb Size/MD5 checksum: 40886 9e4f621bc83ac85dcf2a56fa7aa59e88 Sun Sparc architecture: http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_sparc.deb Size/MD5 checksum: 45530 a6cc6e6db7136497800635f5cd991381 http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_sparc.deb Size/MD5 checksum: 205358 8f72175e2f33bc5ab15ea5e9b5c77b91 http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_sparc.deb Size/MD5 checksum: 454782 229cc03ccc4397b839a9545cbe6e6500 http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_sparc.deb Size/MD5 checksum: 257914 f99730a57980cf56a28dc1ce2a74e016 http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_sparc.deb Size/MD5 checksum: 40616 8d38793d5c79a5498f7c5e0e2f9c37fe These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEh/hAW5ql+IAeqTIRAov9AKCWBpr1DJ93OkzAAblfwOJ8GI7S4gCcDCTy ggrbN6fApkcg5Gwwqz6uQY0= =gJ1I -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/