French Security Incident Response Team

Mandriva Security Update Fixes LibTIFF Code Execution and DoS Vulnerabilities


Title : Mandriva Security Update Fixes LibTIFF Code Execution and DoS Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-1663
CVE ID : CVE-2006-2024 - CVE-2006-2025 - CVE-2006-2026 - CVE-2006-2120
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-04

Advisory Details

 
Technical Description

Mandriva has released updated packages to address multiple vulnerabilities identified in LibTIFF [...]

Solution

Upgrade the affected packages:

Mandriva Linux 10.2:
08aa5454f03ea0daaf88792f1b28492d 10.2/RPMS/libtiff3-3.6.1-11.3.102mdk.i586.rpm
edca378c1e3a3af275353828c8ba5746 10.2/RPMS/libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
de9380639ecb80528e12cdfcc9b1f506 10.2/RPMS/libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
6f3f3f8a152efa131e1fb1801452fc2c 10.2/RPMS/libtiff-progs-3.6.1-11.3.102mdk.i586.rpm
c8add100f4b65e0a836f4b224f75fa38 10.2/SRPMS/libtiff-3.6.1-11.3.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
70df79d86316f9935d974d8e13a87b9b x86_64/10.2/RPMS/lib64tiff3-3.6.1-11.3.102mdk.x86_64.rpm
7e514fbb60efb31fdb095a364dab688e x86_64/10.2/RPMS/lib64tiff3-devel-3.6.1-11.3.102mdk.x86_64.rpm
42a6f0ab6296f393c56425650dcb8001 x86_64/10.2/RPMS/lib64tiff3-static-devel-3.6.1-11.3.102mdk.x86_64.rpm
08aa5454f03ea0daaf88792f1b28492d x86_64/10.2/RPMS/libtiff3-3.6.1-11.3.102mdk.i586.rpm
edca378c1e3a3af275353828c8ba5746 x86_64/10.2/RPMS/libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
de9380639ecb80528e12cdfcc9b1f506 x86_64/10.2/RPMS/libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
cb843af331e738e4366d08c9aa10d254 x86_64/10.2/RPMS/libtiff-progs-3.6.1-11.3.102mdk.x86_64.rpm
c8add100f4b65e0a836f4b224f75fa38 x86_64/10.2/SRPMS/libtiff-3.6.1-11.3.102mdk.src.rpm

Mandriva Linux 2006.0:
b312c637a3f8eaadd3ffef2f16106c61 2006.0/RPMS/libtiff3-3.6.1-12.2.20060mdk.i586.rpm
0c78fe6412dd5d34e3be74f8e64bfcbe 2006.0/RPMS/libtiff3-devel-3.6.1-12.2.20060mdk.i586.rpm
7985656ea5af359dc92d27a8f683511c 2006.0/RPMS/libtiff3-static-devel-3.6.1-12.2.20060mdk.i586.rpm
6c9aad5364d6bbaafe838490c3de4149 2006.0/RPMS/libtiff-progs-3.6.1-12.2.20060mdk.i586.rpm
8ebe45e1b516c5422078bccdc540fb90 2006.0/SRPMS/libtiff-3.6.1-12.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
3741640beefd9ceb2741dd894c00c5e7 x86_64/2006.0/RPMS/lib64tiff3-3.6.1-12.2.20060mdk.x86_64.rpm
630cf4538bd6af1271128b0f842daf06 x86_64/2006.0/RPMS/lib64tiff3-devel-3.6.1-12.2.20060mdk.x86_64.rpm
cdbe7a7912cc50b3e956ed4788cdf340 x86_64/2006.0/RPMS/lib64tiff3-static-devel-3.6.1-12.2.20060mdk.x86_64.rpm
b312c637a3f8eaadd3ffef2f16106c61 x86_64/2006.0/RPMS/libtiff3-3.6.1-12.2.20060mdk.i586.rpm
0c78fe6412dd5d34e3be74f8e64bfcbe x86_64/2006.0/RPMS/libtiff3-devel-3.6.1-12.2.20060mdk.i586.rpm
7985656ea5af359dc92d27a8f683511c x86_64/2006.0/RPMS/libtiff3-static-devel-3.6.1-12.2.20060mdk.i586.rpm
c18a79a99fd471ced4b9915a3f9cd02e x86_64/2006.0/RPMS/libtiff-progs-3.6.1-12.2.20060mdk.x86_64.rpm
8ebe45e1b516c5422078bccdc540fb90 x86_64/2006.0/SRPMS/libtiff-3.6.1-12.2.20060mdk.src.rpm

Corporate 3.0:
5b1cab786292da88043f192f544711d4 corporate/3.0/RPMS/libtiff3-3.5.7-11.9.C30mdk.i586.rpm
07778376fbe909b72f11c72408802fce corporate/3.0/RPMS/libtiff3-devel-3.5.7-11.9.C30mdk.i586.rpm
2ce6f04f2ceb4e0c116b7f7a286b12e8 corporate/3.0/RPMS/libtiff3-static-devel-3.5.7-11.9.C30mdk.i586.rpm
d070d7982ab041207bb3cbed78cdfedf corporate/3.0/RPMS/libtiff-progs-3.5.7-11.9.C30mdk.i586.rpm
b1d24c6cf07a8af24f162554bc891678 corporate/3.0/SRPMS/libtiff-3.5.7-11.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
28e50e45ffbd233c2613455e5e128bae x86_64/corporate/3.0/RPMS/lib64tiff3-3.5.7-11.9.C30mdk.x86_64.rpm
e43553c5fe9b72c12ba5538b4f5cae9a x86_64/corporate/3.0/RPMS/lib64tiff3-devel-3.5.7-11.9.C30mdk.x86_64.rpm
160b42be0ce2429fd6d14fca71d193a2 x86_64/corporate/3.0/RPMS/lib64tiff3-static-devel-3.5.7-11.9.C30mdk.x86_64.rpm
5b1cab786292da88043f192f544711d4 x86_64/corporate/3.0/RPMS/libtiff3-3.5.7-11.9.C30mdk.i586.rpm
2e301111d4c1920dfb9a83324492bec7 x86_64/corporate/3.0/RPMS/libtiff-progs-3.5.7-11.9.C30mdk.x86_64.rpm
b1d24c6cf07a8af24f162554bc891678 x86_64/corporate/3.0/SRPMS/libtiff-3.5.7-11.9.C30mdk.src.rpm

Multi Network Firewall 2.0:
7f6bd8706a7b6ffc36649aad2f4e199d mnf/2.0/RPMS/libtiff3-3.5.7-11.9.M20mdk.i586.rpm
320c31cfb0f44f1d3b43baf8f486e260 mnf/2.0/SRPMS/libtiff-3.5.7-11.9.M20mdk.src.rpm

ChangeLog

2006-05-04 : Initial release


Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.


 
 

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy