libtiff-3.8.2-7.6.0.1.AXS3
エラータID: AXSA:2011-76:01
リリース日:
2011/03/07 Monday - 20:22
題名:
libtiff-3.8.2-7.6.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。<br /><br /><br /><br /><br /><br /><br /><br />
<br /><br /><br /><br /><br /><br /><br /><br />
[Security Fix]<br /><br /><br /><br /><br /><br /><br /><br />
- LibTIFF にはバッファオーバーフローが存在し、巧妙に細工された CCITT Group 4 エンコードされた TIFF イメージによって、リモートの攻撃者が任意のコードを実行したり、サービス拒否(アプリケーションのクラッシュ)を引き起こす脆弱性があります。(CVE-2011-0192)<br /><br /><br /><br /><br /><br /><br /><br />
<br /><br /><br /><br /><br /><br /><br /><br />
一部CVEの翻訳文はJVNからの引用になります。<br /><br /><br /><br /><br /><br /><br /><br />
http://jvndb.jvn.jp/<br /><br /><br /><br /><br /><br /><br /><br />
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-0192
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
追加情報:
N/A
ダウンロード:
SRPMS
- libtiff-3.8.2-7.6.0.1.AXS3.src.rpm
MD5: 2f955fb7b8515dfffe77dc1b117ff43b
SHA-256: 32de8b8a3781550296fe395569d12d9a6fa8d4c33fbbc7e8f9117f0080a50482
Size: 1.30 MB
Asianux Server 3 for x86
- libtiff-3.8.2-7.6.0.1.AXS3.i386.rpm
MD5: 558e2339f4340fa199ac308ce6a71743
SHA-256: 89b2f00f251770b177acee851a629cb24b54555b0144a129ad380e40541e5e5a
Size: 309.22 kB - libtiff-devel-3.8.2-7.6.0.1.AXS3.i386.rpm
MD5: 5e398dd2eb26f373257d9fd6741d8a28
SHA-256: 83899414fb030134fcd2e7d1587496ee1600c07530249946cac9e00e8cbd086f
Size: 469.58 kB
Asianux Server 3 for x86_64
- libtiff-3.8.2-7.6.0.1.AXS3.x86_64.rpm
MD5: b224f7a07d60e8d93a621d60ecbb0d70
SHA-256: 618c7473e27d674c08eb0bcc46924b4fe26227c1b989bd24567fbad36eb7ae4a
Size: 314.66 kB - libtiff-devel-3.8.2-7.6.0.1.AXS3.x86_64.rpm
MD5: 649fc18c867ea2c831bff6ac29d2d0d9
SHA-256: 4e403e40deb17ca8038d6c20d7697915a15b2cf6fb513fa3bce264987727d944
Size: 469.57 kB