Support / Security / Advisories / Multi Network Firewall 2.0 / MDKSA-2005:142

Package name: libtiff
Date: 2005-08-17
Advisory ID: MDKSA-2005:142
Affected versions: MNF2.0 i586 , 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Wouter Hanegraaff discovered that the TIFF library did not sufficiently validate the "YCbCr subsampling" value in TIFF image headers. Decoding a malicious image with a zero value resulted in an arithmetic exception, which can cause a program that uses the TIFF library to crash. The updated packages are patched to protect against this vulnerability.

Updated packages

MNF2.0 i586

 29096b79d63f19c6e6602b6fe8859bae  mnf/2.0/RPMS/libtiff3-3.5.7-11.7.M20mdk.i586.rpm
6983f0e032014df1ffeeb14306e5d410  mnf/2.0/SRPMS/libtiff-3.5.7-11.7.M20mdk.src.rpm

10.2 x86_64

 b19a75b4230c1a67febfbbd1d7e3bd0b  x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.1.102mdk.x86_64.rpm
dd11b518706b082c138aa4a7a427235d  x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.1.102mdk.x86_64.rpm
78da0140db6312a7813e21da700cc129  x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.1.102mdk.x86_64.rpm
1a3d856456e521653f3f94b29b561b1d  x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.x86_64.rpm
60bd2c3885e06f49e97ed114ea22c260  x86_64/10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

CS2.1 x86_64

 b9a3c705853bfc458adbbe7b9b35292c  x86_64/corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.x86_64.rpm
ccb61469627ec442bbb1606e2c5493fe  x86_64/corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.x86_64.rpm
ed0414cff8b668737b401b3874295fb0  x86_64/corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.x86_64.rpm
2cb106b7e639a4adbf866fcf0bcb95a2  x86_64/corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.x86_64.rpm
261d009314678a8e54d903234e53f2d5  x86_64/corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

10.0 amd64

 a3b989bdce7af31d4886466ff1441526  amd64/10.0/RPMS/lib64tiff3-3.5.7-11.7.100mdk.amd64.rpm
97d58685556a85cb2ab884f7ebadb536  amd64/10.0/RPMS/lib64tiff3-devel-3.5.7-11.7.100mdk.amd64.rpm
8b8ddac45016f59118a7779ff6d027c6  amd64/10.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.100mdk.amd64.rpm
30c99b6bb385cd3dfc98d50c8a3c9196  amd64/10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.amd64.rpm
f7d3fce17d5e63a28f9438a29e640aa4  amd64/10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

10.2 i586

 ddfec22eb079ad3e3c3e181581a32515  10.2/RPMS/libtiff-progs-3.6.1-11.1.102mdk.i586.rpm
85002ad26c89bd5f00f49aa7848914ed  10.2/RPMS/libtiff3-3.6.1-11.1.102mdk.i586.rpm
1680f0094d4a1f4d7783a63536992342  10.2/RPMS/libtiff3-devel-3.6.1-11.1.102mdk.i586.rpm
ab5d56da0e46e583d7d5559b460c015b  10.2/RPMS/libtiff3-static-devel-3.6.1-11.1.102mdk.i586.rpm
60bd2c3885e06f49e97ed114ea22c260  10.2/SRPMS/libtiff-3.6.1-11.1.102mdk.src.rpm

10.1 i586

 c76c200a605c1f0584782fb49518e29d  10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.i586.rpm
773afaac9d2ed45b124216a7b8059f55  10.1/RPMS/libtiff3-3.6.1-4.4.101mdk.i586.rpm
bcc744f04a6a8b772fa3c63ad5e5bda3  10.1/RPMS/libtiff3-devel-3.6.1-4.4.101mdk.i586.rpm
c2f0a831fc371041221c54f288e99bb2  10.1/RPMS/libtiff3-static-devel-3.6.1-4.4.101mdk.i586.rpm
835e5009fabee9050f055d951a3d0f8a  10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

10.0 i586

 cc0fa1b1b5fd12c4083cc9eb98a5458f  10.0/RPMS/libtiff-progs-3.5.7-11.7.100mdk.i586.rpm
8fb0219e7d642d2fdc241d8927421d48  10.0/RPMS/libtiff3-3.5.7-11.7.100mdk.i586.rpm
cbfd4d23c8ac8562c92e55a035d80a67  10.0/RPMS/libtiff3-devel-3.5.7-11.7.100mdk.i586.rpm
e74038d540e7d00a1b050f7b26cd56a9  10.0/RPMS/libtiff3-static-devel-3.5.7-11.7.100mdk.i586.rpm
f7d3fce17d5e63a28f9438a29e640aa4  10.0/SRPMS/libtiff-3.5.7-11.7.100mdk.src.rpm

CS3.0 x86_64

 3c87ea4b94f226decf5a8e751ec9ad17  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.7.C30mdk.x86_64.rpm
5b5663889c26d6c52de85dc300bcab18  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.7.C30mdk.x86_64.rpm
aa63bf920d4c74f6ce6cabc896846241  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.7.C30mdk.x86_64.rpm
022ac2f20e0c349d7dcce42e6cbe7a6c  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.x86_64.rpm
6bd7338ff5198c5f9edd77b31ecf7190  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm

CS3.0 i586

 5d467dc33e472e58f78111bef860b052  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.7.C30mdk.i586.rpm
c6e92b32bb20db8d058299b3da175a55  corporate/3.0/RPMS/libtiff3-3.5.7-11.7.C30mdk.i586.rpm
e104fdfdfc2e3df51e459a5e56169c41  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.7.C30mdk.i586.rpm
e725905e66036c32093aaa4b478e5c6a  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.7.C30mdk.i586.rpm
6bd7338ff5198c5f9edd77b31ecf7190  corporate/3.0/SRPMS/libtiff-3.5.7-11.7.C30mdk.src.rpm

CS2.1 i586

 e17fd0f6fdf37c67d7cc94223806b652  corporate/2.1/RPMS/libtiff3-3.5.7-6.2.C21mdk.i586.rpm
ae1dee85cddb636fa9126fd14e5c9384  corporate/2.1/RPMS/libtiff3-devel-3.5.7-6.2.C21mdk.i586.rpm
659cc8d21c830f379ebf92d45fe92b0c  corporate/2.1/RPMS/libtiff3-progs-3.5.7-6.2.C21mdk.i586.rpm
473e992205374da87b91cb8fdd9b6d65  corporate/2.1/RPMS/libtiff3-static-devel-3.5.7-6.2.C21mdk.i586.rpm
261d009314678a8e54d903234e53f2d5  corporate/2.1/SRPMS/libtiff-3.5.7-6.2.C21mdk.src.rpm

10.1 x86_64

 d2cec129a11f6c1181c486eed8a024ab  x86_64/10.1/RPMS/lib64tiff3-3.6.1-4.4.101mdk.x86_64.rpm
73321d2e2a109f6993c8e44879284139  x86_64/10.1/RPMS/lib64tiff3-devel-3.6.1-4.4.101mdk.x86_64.rpm
28f7ea7a0ee1954a64e0c9d1ca17f224  x86_64/10.1/RPMS/lib64tiff3-static-devel-3.6.1-4.4.101mdk.x86_64.rpm
f2c2b82c083d035f32e105437c00ef40  x86_64/10.1/RPMS/libtiff-progs-3.6.1-4.4.101mdk.x86_64.rpm
835e5009fabee9050f055d951a3d0f8a  x86_64/10.1/SRPMS/libtiff-3.6.1-4.4.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452