libtiff-3.8.2-7.2

エラータID: AXSA:2008-91:01

Release date: 
Monday, September 22, 2008 - 12:53
Subject: 
libtiff-3.8.2-7.2
Affected Channels: 
Asianux Server 3 for ia64
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Severity: 
High
Description: 

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
CVE-2008-2327 libtiff:
use of uninitialized memory in LZW decoder. Multiple buffer underflows in the (1) ZWDecode and (2) LZWDecodeCompat functions in tif_lzw.c in the LZW decoder in ibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file.
NOTE: some of these details are obtained from third party information.

Solution: 

Update packages

CVEs: 
CVE-2008-2327
Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code.


Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. libtiff-3.8.2-7.2.i386.rpm
    MD5: 41eadbb89dbdf82c2c16640f7c67168d
    SHA-256: 68d5504711f633a07216e72bbb58f49d40d9c28b31f5fff0480fd4086fec3f85
    Size: 308.43 kB
  2. libtiff-devel-3.8.2-7.2.i386.rpm
    MD5: eea95314c59ab755c51ffa0354ab5d19
    SHA-256: a56cee78ae6ba79aedf948806e2ac31d1a4adb52cc994d8d9263f7ec2b2d49e5
    Size: 476.30 kB

Asianux Server 3 for x86_64
  1. libtiff-3.8.2-7.2.x86_64.rpm
    MD5: dd5a2394157dd4a102ecd22c30f9db8e
    SHA-256: 8a30350c32e13dbf04e7cae653d4b3ef55e568365d266405a5d958894b9b1b18
    Size: 315.57 kB
  2. libtiff-devel-3.8.2-7.2.x86_64.rpm
    MD5: d9445940ea2e210591e85a1c38dbd773
    SHA-256: 5910c6fa57d2fb49a9ff2ee71f8df1d8a4e9e1f36cb2a3623ebeae0643ad5d83
    Size: 475.93 kB