libtiff-3.9.4-9.AXS4
Errata ID: AXSA:2012-1046:03
Release date:
2012/12/26 Wednesday - 14:17
Title:
libtiff-3.9.4-9.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
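The following issues have been addressed.
[Security Fix]
- The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF does not properly initialize the T2P context struct pointer in certain error conditions, which results in a denial of service (crash) and a vulnerability that allows arbitrary code execution. (CVE-2012-3401)
- tif_pixarlog.c in LibTIFF contains a heap-based buffer overflow vulnerability. (CVE-2012-4447)
- ppm2tiff does not check the return value of the TIFFScanlineSize function, which results in a denial of service (crash) and a vulnerability that allows arbitrary code execution. (CVE-2012-4564)
- Information on CVE-2012-5581 has not been published at this time.
This advisory will be updated as soon as the CVE information is published. (CVE-2012-5581)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.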
CVE:
CVE-2012-3401
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.
CVE-2012-4447
Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format.
CVE-2012-4564
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow.
CVE-2012-5581
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
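Added example for CVE-2012-4564 (not code from LibTIFF or from this advisory): a C sketch of the missing check, in which a row-size routine signals overflow by returning 0 and the caller refuses to allocate on that value. The names scanline_size and alloc_row are hypothetical stand-ins, and the INT32_MAX cap on a row is an assumption of the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a scanline-size routine: bytes per row,
 * or 0 when the inputs are invalid or the result exceeds the cap. */
size_t scanline_size(uint32_t width, uint16_t spp, uint16_t bps)
{
    uint64_t bits, bytes;
    if (width == 0 || spp == 0 || bps == 0)
        return 0;
    /* 32-bit * 16-bit * 16-bit always fits in 64 bits, so no wraparound here. */
    bits = (uint64_t)width * spp * bps;
    bytes = bits / 8 + (bits % 8 != 0);
    if (bytes > (uint64_t)INT32_MAX)   /* assumed cap: signed 32-bit size */
        return 0;
    return (size_t)bytes;
}

/* Hardened caller: a zero size is an error and is never passed to malloc,
 * so a later row copy cannot land in an undersized buffer. */
unsigned char *alloc_row(uint32_t width, uint16_t spp, uint16_t bps,
                         size_t *out_size)
{
    unsigned char *buf;
    size_t n = scanline_size(width, spp, bps);
    *out_size = 0;
    if (n == 0)
        return NULL;                   /* the return-value check */
    buf = malloc(n);
    if (buf == NULL)
        return NULL;
    memset(buf, 0, n);
    *out_size = n;
    return buf;
}

int main(void)
{
    size_t n;
    /* Constructed inputs: an ordinary RGB row and an oversized header. */
    unsigned char *ok = alloc_row(640, 3, 8, &n);
    printf("640x3x8: %s, %zu bytes\n", ok ? "allocated" : "rejected", n);
    free(ok);
    printf("huge: %s\n", alloc_row(0xFFFFFFFFu, 3, 16, &n) ? "allocated" : "rejected");
    return 0;
}
```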
Additional information:
N/A
Download:
SRPMS
- libtiff-3.9.4-9.AXS4.src.rpm
MD5: f1d5607637cb857ed7deb3dbb53bb8cd
SHA-256: 68dec222235df806307c1fb4f232cf282b1a3aa5ae161953ea13c0b77932f036
Size: 1.40 MB
Asianux Server 4 for x86
- libtiff-3.9.4-9.AXS4.i686.rpm
MD5: 6924472d10b9930025515eb93af3845f
SHA-256: d3cd8ccb04c17a89ec9c31e0817746d3967a24fcf0799b7117c19daddefcb14e
Size: 338.29 kB
- libtiff-devel-3.9.4-9.AXS4.i686.rpm
MD5: 59c50513915726ee49faa8e00b314334
SHA-256: ce24a3e1363e7deb887cc610e90fc052c2d1c5af04d854885228255385af286d
Size: 467.99 kB
Asianux Server 4 for x86_64
- libtiff-3.9.4-9.AXS4.x86_64.rpm
MD5: 7e5bffebce90a5ac6604037b0bdb8aa2
SHA-256: ff69e5e488b790f0e38e22f10067a7fb927f647edfd86b094a50080b40ff368d
Size: 341.26 kB
- libtiff-devel-3.9.4-9.AXS4.x86_64.rpm
MD5: ae9c55b88eed27cfd4e843a4cafccdff
SHA-256: 39305098489b776444ccf96fbdf0361ef02ff82ea6b0423451e17b6425a2943c
Size: 467.60 kB
- libtiff-3.9.4-9.AXS4.i686.rpm
MD5: 6924472d10b9930025515eb93af3845f
SHA-256: d3cd8ccb04c17a89ec9c31e0817746d3967a24fcf0799b7117c19daddefcb14e
Size: 338.29 kB
- libtiff-devel-3.9.4-9.AXS4.i686.rpm
MD5: 59c50513915726ee49faa8e00b314334
SHA-256: ce24a3e1363e7deb887cc610e90fc052c2d1c5af04d854885228255385af286d
Size: 467.99 kB