FrSIRT - Fedora Security Update Fixes libTIFF Multiple Command Execution and DoS Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes libTIFF Multiple Command Execution and DoS Vulnerabilities

Title : Fedora Security Update Fixes libTIFF Multiple Command Execution and DoS Vulnerabilities
Advisory ID : FrSIRT/ADV-2006-3122
CVE ID : CVE-2006-3459 - CVE-2006-3460 - CVE-2006-3461 - CVE-2006-3462 - CVE-2006-3463 - CVE-2006-3464 - CVE-2006-3465
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-02

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released updated packages to address multiple vulnerabilities identified in libTIFF [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

e25a0090188f4a25e04b23d9dabf8618dcd5560a SRPMS/libtiff-3.7.1-6.fc4.3.src.rpm
e25a0090188f4a25e04b23d9dabf8618dcd5560a noarch/libtiff-3.7.1-6.fc4.3.src.rpm
0d920d3854947dd1b5ea6035f6462763e252d6c4 ppc/libtiff-3.7.1-6.fc4.3.ppc.rpm
f39962656b7efcc8e657427ed2ef51df590aa216 ppc/libtiff-devel-3.7.1-6.fc4.3.ppc.rpm
5f7f56f8e3c0f504a2dc5960cb5d884e54f9c349 ppc/debug/libtiff-debuginfo-3.7.1-6.fc4.3.ppc.rpm
6e45b6be8f666e508e3de4b9c30aab09b57378a2 x86_64/libtiff-3.7.1-6.fc4.3.x86_64.rpm
cee15750ace41bfa7e5a3b22d3883010a837febd x86_64/libtiff-devel-3.7.1-6.fc4.3.x86_64.rpm
9d9f9b1ceb5db2ac47667644eb5bd43944d69ea7 x86_64/debug/libtiff-debuginfo-3.7.1-6.fc4.3.x86_64.rpm
12dcfb0c2a959d9da7f581b4c1b93aca0861567d i386/libtiff-3.7.1-6.fc4.3.i386.rpm
ad5847f0d6196a9782fc72e80a1b14fabfbffa93 i386/libtiff-devel-3.7.1-6.fc4.3.i386.rpm
6d158f79ae88e9e9fe44e776064bd108532b07f9 i386/debug/libtiff-debuginfo-3.7.1-6.fc4.3.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

08e4a9a8f1d7e2eaf8dbe3ffcce73e34e3192205 SRPMS/libtiff-3.7.4-8.src.rpm
08e4a9a8f1d7e2eaf8dbe3ffcce73e34e3192205 noarch/libtiff-3.7.4-8.src.rpm
60f1c0c5b77d3ddd84c89db1a8043e17e260a951 ppc/libtiff-devel-3.7.4-8.ppc.rpm
c2ccb1082dd9a15b1967a0e98958fa1a33d6b09e ppc/debug/libtiff-debuginfo-3.7.4-8.ppc.rpm
76eac08c94eec6695b5c92977dd504f77cf33002 ppc/libtiff-3.7.4-8.ppc.rpm
a5c9b6ac949b5b3726d9644dbcdc53ed83d4d0e5 x86_64/libtiff-devel-3.7.4-8.x86_64.rpm
6e27e7836a2bf1461c75a3090b449e918a76a639 x86_64/libtiff-3.7.4-8.x86_64.rpm
6a59ff695e3ed94accdd4ad03499798c28ec593e x86_64/debug/libtiff-debuginfo-3.7.4-8.x86_64.rpm
80cfbbf532055db6817364af7f6692a404441a9e i386/libtiff-devel-3.7.4-8.i386.rpm
0603b7d203d07e534d0b6796a78d22a8fa95c5a6 i386/libtiff-3.7.4-8.i386.rpm
dd1ba7e95e0d90a103c7adffabe224dc006bf01d i386/debug/libtiff-debuginfo-3.7.4-8.i386.rpm

ChangeLog

2006-08-02 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox Shortcut Handlingg Information Disclosure Vulnerability
	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability