Package name
libtiff
Date
2006-06-05
Advisory ID
MDKSA-2006:095
Affected versions
2006.0 i586, 10.2 i586, CS3.0 x86_64, CS3.0 i586, 10.2 x86_64, 2006.0 x86_64

Problem description

A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2
and earlier might allow attackers to execute arbitrary code via a
long filename.

NOTE: tiffsplit is not setuid, and there may not be a common scenario under
which tiffsplit is called with attacker-controlled command line arguments.

The updated packages have been patched to correct this issue.

Updated packages

2006.0 i586

 d2da30628db3bbfd189e50d138e98ea4  2006.0/RPMS/libtiff3-3.6.1-12.3.20060mdk.i586.rpm
 c979002e80fa295f3392ce07333f83ab  2006.0/RPMS/libtiff3-devel-3.6.1-12.3.20060mdk.i586.rpm
 88486341b90203b68e664f8a56ed740f  2006.0/RPMS/libtiff3-static-devel-3.6.1-12.3.20060mdk.i586.rpm
 760d13e92ff1a25e10d822908e450e18  2006.0/RPMS/libtiff-progs-3.6.1-12.3.20060mdk.i586.rpm
 08e664ab32e12343f172896e7deed4ee  2006.0/SRPMS/libtiff-3.6.1-12.3.20060mdk.src.rpm

10.2 i586

 e356958f9c56b4ce0baac1f887e558c7  10.2/RPMS/libtiff3-3.6.1-11.4.102mdk.i586.rpm
 788a65c8f43f17e4c27e6dddfedbe199  10.2/RPMS/libtiff3-devel-3.6.1-11.4.102mdk.i586.rpm
 bab3512cd0b0574df7306f3d3b2f9c08  10.2/RPMS/libtiff3-static-devel-3.6.1-11.4.102mdk.i586.rpm
 d4df17ea2b32ab87abbc3e6434f3e182  10.2/RPMS/libtiff-progs-3.6.1-11.4.102mdk.i586.rpm
 58c68115b9dca1560dbaab7501fa56e5  10.2/SRPMS/libtiff-3.6.1-11.4.102mdk.src.rpm

CS3.0 x86_64

 156844705884d12ca65f5d636445398e  x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.10.C30mdk.x86_64.rpm
 4b61f0dd365cac4307aff60957c25aeb  x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.10.C30mdk.x86_64.rpm
 9f4d1714e078864e2f63f6ea4510cae3  x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.10.C30mdk.x86_64.rpm
 08c2688f83c54120cf0440f18dd139c2  x86_64/corporate/3.0/RPMS/libtiff3-3.5.7-11.10.C30mdk.i586.rpm
 2cf52c985a86cbbc84538c7ce247c0fc  x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.10.C30mdk.x86_64.rpm
 cdff1055d197c758f534e8b4d6599702  x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.10.C30mdk.src.rpm

CS3.0 i586

 08c2688f83c54120cf0440f18dd139c2  corporate/3.0/RPMS/libtiff3-3.5.7-11.10.C30mdk.i586.rpm
 d2a6a62d1a1f27f79a5df3af6b7471bc  corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.10.C30mdk.i586.rpm
 ef6ecfa50b8490e0086f840cbe9f60bb  corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.10.C30mdk.i586.rpm
 5b9b9ba8455fd16fffaf8d2877caa417  corporate/3.0/RPMS/libtiff-progs-3.5.7-11.10.C30mdk.i586.rpm
 cdff1055d197c758f534e8b4d6599702  corporate/3.0/SRPMS/libtiff-3.5.7-11.10.C30mdk.src.rpm

10.2 x86_64

 1b9ec065ec8ff0c115fef2a02844b731  x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.4.102mdk.x86_64.rpm
 6b940c1ed1452426e89d24b4ee7ba4a5  x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.4.102mdk.x86_64.rpm
 e315d4c99387b0907f1b327ad25f41a0  x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.4.102mdk.x86_64.rpm
 e356958f9c56b4ce0baac1f887e558c7  x86_64/10.2/RPMS/libtiff3-3.6.1-11.4.102mdk.i586.rpm
 788a65c8f43f17e4c27e6dddfedbe199  x86_64/10.2/RPMS/libtiff3-devel-3.6.1-11.4.102mdk.i586.rpm
 bab3512cd0b0574df7306f3d3b2f9c08  x86_64/10.2/RPMS/libtiff3-static-devel-3.6.1-11.4.102mdk.i586.rpm
 700da33c16257916229a0ce96fbc8d98  x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.4.102mdk.x86_64.rpm
 58c68115b9dca1560dbaab7501fa56e5  x86_64/10.2/SRPMS/libtiff-3.6.1-11.4.102mdk.src.rpm

2006.0 x86_64

 0f030fe466df0b320da290ff091219cf  x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.3.20060mdk.x86_64.rpm
 97d32c411a051b6888e56822b60ffac0  x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.3.20060mdk.x86_64.rpm
 70641ce6e7ee9d991cf93c6eda2ee5d9  x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.3.20060mdk.x86_64.rpm
 d2da30628db3bbfd189e50d138e98ea4  x86_64/2006.0/RPMS/libtiff3-3.6.1-12.3.20060mdk.i586.rpm
 c979002e80fa295f3392ce07333f83ab  x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.3.20060mdk.i586.rpm
 88486341b90203b68e664f8a56ed740f  x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.3.20060mdk.i586.rpm
 a38cba2f7bafea266af58ffa2934f70b  x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.3.20060mdk.x86_64.rpm
 08e664ab32e12343f172896e7deed4ee  x86_64/2006.0/SRPMS/libtiff-3.6.1-12.3.20060mdk.src.rpm
