libtiff-3.8.2-7.4.1AXS3

エラータID: AXSA:2009-380:01

Release date: 
Friday, August 28, 2009 - 20:45
Subject: 
libtiff-3.8.2-7.4.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF format image files.
Fixed bugs:
CVE-2009-2285
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVE-2009-2347
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Solution: 

Update packages.

CVEs: 
CVE-2009-2285
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
CVE-2009-2347
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-3.8.2-7.4.1AXS3.src.rpm
    MD5: c8ecd9e1f4b82e49f660e7765a857aa3
    SHA-256: f2ba3e1f5c4670bca034be587d8a3fceccfd8ab08f2d94d15e4348444288110e
    Size: 1.30 MB

Asianux Server 3 for x86
  1. libtiff-3.8.2-7.4.1AXS3.i386.rpm
    MD5: 48ae927911fffeee66e0e21363d7d71e
    SHA-256: d769a034cb79cb0f7a67c4db3e6776cc4f2431a14665f75bfe5d8d4432c66ddf
    Size: 307.02 kB
  2. libtiff-devel-3.8.2-7.4.1AXS3.i386.rpm
    MD5: 19632bcf016406badc69b058930f1c57
    SHA-256: 2ebdca6d4021ca174a737d17bac0cc9145afb301d577a322418f5d92c6dc7cd5
    Size: 469.25 kB

Asianux Server 3 for x86_64
  1. libtiff-3.8.2-7.4.1AXS3.x86_64.rpm
    MD5: fd84dd5b41ca02180462847fa7b7a4b7
    SHA-256: e1af44333e115da0585e370854fde4a7de3383b23ed97223d0205b7e7048b5b3
    Size: 313.56 kB
  2. libtiff-devel-3.8.2-7.4.1AXS3.x86_64.rpm
    MD5: 78f9d55276c6716be6762fcf23973f46
    SHA-256: 64b703ebb78a9744abd118ceda77118c77dca1058fe7710c8093503197c3a7fa
    Size: 469.33 kB