Multiple Security Vulnerabilities in the Libtiff Graphics Library
Release date: 2006-08-02
Updated: 2006-08-04
Affected systems:
Apple Mac OS X 10.4.7
Apple Mac OS X 10.3.9
Apple MacOS X Server 10.4.7
Apple MacOS X Server 10.3.9
Debian Linux 3.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
LibTIFF LibTIFF <= 3.8.2
Description:
BUGTRAQ ID: 19282, 19283, 19284, 19286, 19287, 19288, 19290
CVE(CAN) ID: CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
LibTiff is a library for encoding and decoding the TIFF image format.
The TIFF library contains multiple security vulnerabilities, detailed below:
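CVE-2006-3459
Multiple stack overflow vulnerabilities may allow arbitrary code execution.
CVE-2006-3460
A heap overflow vulnerability exists in the JPEG decoder.
CVE-2006-3461
A heap overflow vulnerability exists in the PixarLog decoder.
CVE-2006-3462
A heap overflow vulnerability exists in the NeXT RLE decoder.
CVE-2006-3463
A loop uses a 16-bit unsigned short to iterate over a 32-bit unsigned value, so the loop never terminates, resulting in an infinite loop.
CVE-2006-3464
libtiff contains multiple unchecked arithmetic operations, including the various operations used to validate the offsets specified in TIFF directories.
CVE-2006-3465
A flaw in libtiff's custom tag support may lead to abnormal behavior, crashes, or arbitrary code execution.
<*Source: Tavis Ormandy (taviso@gentoo.org)
Links: http://docs.info.apple.com/article.html?artnum=304063
http://lwn.net/Alerts/194067
http://www.debian.org/security/2006/dsa-1137
*>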
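The loop-counter and offset-validation flaws described under CVE-2006-3463 and CVE-2006-3464, shown as an added C illustration with each flawed pattern beside its corrected form. This is not libtiff code and not part of the original advisory; the function names, the `max_steps` guard and the sample values are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of two bug classes from the advisory; not libtiff
 * source. All function names are hypothetical. */

/* CVE-2006-3463 class: a 16-bit counter walks a 32-bit count. Once count
 * exceeds 65535 the counter wraps to 0 and never reaches the bound.
 * max_steps is a guard added so this demo stops; returns 1 if the loop
 * ended on its own, 0 if the guard had to stop it. */
int loop_u16_terminates(uint32_t count, uint32_t max_steps)
{
    uint32_t steps = 0;
    for (uint16_t i = 0; i < count; i++)
        if (++steps > max_steps)
            return 0;
    return 1;
}

/* Corrected form: the counter is as wide as the value it iterates over. */
int loop_u32_terminates(uint32_t count, uint32_t max_steps)
{
    uint32_t steps = 0;
    for (uint32_t i = 0; i < count; i++)
        if (++steps > max_steps)
            return 0;
    return 1;
}

/* CVE-2006-3464 class: offset + length wraps modulo 2^32, so an entry that
 * points far outside the file can pass the bounds test. */
int range_ok_unchecked(uint32_t offset, uint32_t length, uint32_t file_size)
{
    return offset + length <= file_size;
}

/* Corrected form: no addition that can overflow. */
int range_ok_checked(uint32_t offset, uint32_t length, uint32_t file_size)
{
    return offset <= file_size && length <= file_size - offset;
}

int main(void)
{
    printf("u16 loop, count 70000: %d\n", loop_u16_terminates(70000u, 200000u));
    printf("u32 loop, count 70000: %d\n", loop_u32_terminates(70000u, 200000u));
    printf("unchecked range: %d\n", range_ok_unchecked(0xFFFFFFF0u, 0x20u, 4096u));
    printf("checked range:   %d\n", range_ok_checked(0xFFFFFFF0u, 0x20u, 4096u));
    return 0;
}
```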
Recommendations:
Vendor patches:
Apple
-----
The vendor has released upgrade patches to fix this security issue; download them from the vendor's site:
* Apple SecUpdSrvr2006-004Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat=1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
* Apple SecUpd2006-004Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat=1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
* Apple SecUpd2006-004Intel.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat=1&platform=osx&method=sa/SecUpd2006-004Intel.dmg
Debian
------
Debian has released a security advisory (DSA-1137-1) and corresponding patches:
DSA-1137-1: New tiff packages fix several vulnerabilities
Link: http://www.debian.org/security/2005/dsa-1137
Patch download:
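Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade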
RedHat
------
http://www.debian.org/security/2006/dsa-1137