linux-tiff port update

Ian Moore no-spam at swiftdsl.com.au
Sat Feb 26 12:18:21 GMT 2005


On Sat, 26 Feb 2005 22:16, Alexander Leidinger wrote:
> On Sat, 19 Feb 2005 11:56:59 +1030
>
> Ian Moore <no-spam at swiftdsl.com.au> wrote:
> > Hi,
> > The linux-tiff port seems to have a security vulnerability for quite some
> > time now. Is a new version due sometime soon, or has it perhaps been made
>
> Can you point me please to the vulnerabilities (and perhaps newer RPMs)?
>
> I've just looked for a new update at the suse ftp site, but can't find a
> newer version.
>
> Bye,
> Alexander.

The vulnerabilities for 3.5.5_2 are:

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- divide-by-zero denial-of-service.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/b58ff497-6977-11d9-ae49-000c41e2cdad.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- multiple integer overflows.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>

Affected package: linux-tiff-3.5.5_2
Type of problem: tiff -- RLE decoder heap overflows.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

For 3.6.1_1 (the current port):

===>  linux-tiff-3.6.1_1 has known vulnerabilities:
=> tiff -- tiffdump integer overflow vulnerability.
   Reference: 
<http://www.FreeBSD.org/ports/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>
=> tiff -- directory entry count integer overflow vulnerability.
   Reference: 
<http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>
=> tiff -- multiple integer overflows.
   Reference: 
<http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>
=> tiff -- RLE decoder heap overflows.
   Reference: 
<http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

Cheers,
-- 
Ian

GPG Key: http://home.swiftdsl.com.au/~imoore/no-spam.asc