libtiff-3.8.2-15.AXS3
エラータID: AXSA:2012-688:02
リリース日:
2012/08/02 Thursday - 21:57
題名:
libtiff-3.8.2-15.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libtiff の tif_dirread.c の TIFFReadDirectory 関数には整数 signedness エラーが存在し,tiff イメージの負のタイルの深さによってリモートの攻撃者がサービス拒否 (アプリケーションのクラッシュ) を引き起こしたり,任意のコードを実行する可能性のある脆弱性があります。(CVE-2012-2088)
- libtiff の tiff2pdf には複数の整数オーバーフローが存在し,巧妙に細工された tiff イメージによって,リモートの攻撃者がサービス拒否 (アプリケーションのクラッシュ) を引き起こしたり,あるいは任意のコードを実行する可能性のある脆弱性があります。(CVE-2012-2113)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-2088
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow.
CVE-2012-2113
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
追加情報:
N/A
ダウンロード:
SRPMS
- libtiff-3.8.2-15.AXS3.src.rpm
MD5: 0924b90838c46eb601c979cc02e42765
SHA-256: bed522170c8d2c265845f235fcc7712b28f5265f0fa824ae655782bcb4ca8684
Size: 1.30 MB
Asianux Server 3 for x86
- libtiff-3.8.2-15.AXS3.i386.rpm
MD5: 0569b6cced344c949daf8950d40f4b6f
SHA-256: 5cf80aad6642cc63a9a9e78f4d0bfcc396d35e0c233971c1eb4d3425330deaef
Size: 310.30 kB - libtiff-devel-3.8.2-15.AXS3.i386.rpm
MD5: 3074555936261fa7aa24d18a80d68513
SHA-256: 08015601b8e26a20b24c1f2b4be983a94f5d95d67a7c6a6a3b81d97e24e5c13e
Size: 469.84 kB
Asianux Server 3 for x86_64
- libtiff-3.8.2-15.AXS3.x86_64.rpm
MD5: 794a3e6f33ef013e1bfb48d8a0b2fa9a
SHA-256: 89b3ff79d0a22f448e59ec907d9b45354527f45eff926f76dddb382607483a5b
Size: 315.41 kB - libtiff-devel-3.8.2-15.AXS3.x86_64.rpm
MD5: f6559e9257045c53cf878be8bdbafcbc
SHA-256: 6d8a11c12fb7db1aa3596bf10b33948508663968f06c3d0bc989b4d0ff2cd171
Size: 469.81 kB