FrSIRT - Fedora Security Update Fixes LibTIFF Code Execution and DoS Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes LibTIFF Code Execution and DoS Vulnerabilities

Title : Fedora Security Update Fixes LibTIFF Code Execution and DoS Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-1619
CVE ID : CVE-2006-2024 - CVE-2006-2025 - CVE-2006-2026
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-03

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to address multiple vulnerabilities identified in LibTIFF [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

fc85fc083881e06fdeece647aeb98a2e9b2f7952 SRPMS/libtiff-3.7.1-6.fc4.1.src.rpm
e2db5abb2efd165434e20d29b99154c37566edf6 ppc/libtiff-3.7.1-6.fc4.1.ppc.rpm
74b40fd554620c1aa5d9b4920761fccbdc8f2bb6 ppc/libtiff-devel-3.7.1-6.fc4.1.ppc.rpm
0f1fcc2bb8973859cc8e00a4900ea82782f63c1c ppc/debug/libtiff-debuginfo-3.7.1-6.fc4.1.ppc.rpm
63321e57b0445da06864815c675eb6d2eef7c3bc x86_64/libtiff-3.7.1-6.fc4.1.x86_64.rpm
2c96cf3bfb814830e6f3fc8ac573a3b90732b653 x86_64/libtiff-devel-3.7.1-6.fc4.1.x86_64.rpm
94968b95b8798b173a23ba6b7b449b213195a20a x86_64/debug/libtiff-debuginfo-3.7.1-6.fc4.1.x86_64.rpm
6c362bcbc13becdd3cb7a91ecd272bd260564d04 i386/libtiff-3.7.1-6.fc4.1.i386.rpm
6a89ec5b0e4a6945ebef4f2a0c310f3f5104964b i386/libtiff-devel-3.7.1-6.fc4.1.i386.rpm
b2f21b90d05b9b508213e7461185098cb1adcba0 i386/debug/libtiff-debuginfo-3.7.1-6.fc4.1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

f10f9f02eeed876e595757f26b7001f89d429acd SRPMS/libtiff-3.7.4-4.src.rpm
63df5887d2e5eef6e5825c31becdd2a3fd4ac331 ppc/libtiff-3.7.4-4.ppc.rpm
1c918c481ba1424d23487481a1746ce2e2a351cc ppc/libtiff-devel-3.7.4-4.ppc.rpm
64536d586ab9b70544b3030e4ca7cd0cfbd92408 ppc/debug/libtiff-debuginfo-3.7.4-4.ppc.rpm
e67065b4eff65172ea28cb52fcb74dc8a51f9e9d x86_64/libtiff-3.7.4-4.x86_64.rpm
0a96584fb47408728abc6f0c4856f4eb22f90f96 x86_64/libtiff-devel-3.7.4-4.x86_64.rpm
c6816dcc190d212a929ca208e4dd09a9ae384062 x86_64/debug/libtiff-debuginfo-3.7.4-4.x86_64.rpm
10a8510cf5b10ca29df0d046bc41ca551b87828d i386/libtiff-3.7.4-4.i386.rpm
1e9d034a1331234afeed76134b9eef4bc4f00f8b i386/libtiff-devel-3.7.4-4.i386.rpm
c9d13d1a6523a044393f97daff65653888a0c046 i386/debug/libtiff-debuginfo-3.7.4-4.i386.rpm

ChangeLog

2006-05-03 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM AIX Multiple Command Local Privilege Escalation Vulnerabilities
	IBM AIX Sendmail Header Lines Denial of Service Vulnerability
	IBM Metrica Multiple Parameter Cross Site Scripting Vulnerabilities
	IBM Lotus Quickr Unspecified Cross Site Scripting Vulnerabilities
	IBM Hardware Management Console Denial of Service Vulnerability
	IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability
	IBM DB2 Denial of Service and Information Disclosure Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities