Network Security Audits / Vulnerability Assessments by SecuritySpace

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-89
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 05 Sep 2005
Last revised: 05 Sep 2005

Package: libtiff

Summary: libtiff crash

More information:
    The libtiff package contains a library of functions for manipulating TIFF
    (Tagged Image File Format) image format files.
    The vulnerability in the manner in which libtiff handle a TIFF image header
    with a zero "YCbCr subsampling" value.

Impact:
    The libtiff allows remote attackers to cause a denial of service (application crash)
    via a TIFF image header with a zero "YCbCr subsampling" value.

Affected Products:
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

Solution:
    Please use the turbopkg (zabom) tool to apply the update.
---------------------------------------------
[Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
  Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg
or
# zabom -u libtiff libtiff-devel

[other]
# turbopkg
or
# zabom update libtiff libtiff-devel
---------------------------------------------

<Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   libtiff-3.5.7-9.src.rpm
       974329 716c62f8ee32410826760de977702aed

   Binary Packages
   Size: MD5

   libtiff-3.5.7-9.i586.rpm
       316938 1cbbd8798b8862c891e8b56ba5dc74e9

<Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   libtiff-3.5.7-9.src.rpm
       974329 bc3c7fdbd294d3dd820754cbfa65a3e0

   Binary Packages
   Size: MD5

   libtiff-3.5.7-9.i586.rpm
       317083 f78bbe59828e07dda0b1a8045da33cf7
   libtiff-devel-3.5.7-9.i586.rpm
       596043 cee24e67ad70e28b9c94fed29785e1e0

<Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/libtiff-3.6.1-6.src.rpm
      1094911 2b1848890ef6d8001add75bfaf014699

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-3.6.1-6.i586.rpm
       232954 e4d30e3fc3fd4eec4132356f2661542c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-debug-3.6.1-6.i586.rpm
       256635 1f99ed0e81ad961077b3eb3872bd721b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/libtiff-devel-3.6.1-6.i586.rpm
       509801 517a91468797534b98f9e5b7ae98a87c

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/libtiff-3.5.7-9.src.rpm
       974329 1af536ee9d0704eef8c61c151c5c5aeb

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-3.5.7-9.i586.rpm
       223065 41300932e1b8a51835a487a911a7f601
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/libtiff-devel-3.5.7-9.i586.rpm
       470626 5bbeeb31a7c7c1aa58ae36dc3856810b

<Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/libtiff-3.5.7-9.src.rpm
       974329 54747c18e16c67aca67442eb35251e2a

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-3.5.7-9.i586.rpm
       317146 39aab2b70951487cbffa51053bc4a03e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/libtiff-devel-3.5.7-9.i586.rpm
       595871 9acd20b145a134d2b09df3b1d88a638a

<Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/libtiff-3.5.5-9.src.rpm
       920201 59a9d7ea3c10898bd0e87f5d9b926904

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-3.5.5-9.i586.rpm
       739440 3242324bed80771cfcd4b78bb3db500b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/libtiff-devel-3.5.5-9.i586.rpm
       632716 e3d3d0b9c2dbea2de612ac13f4eb5fd7

<Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/libtiff-3.5.5-9.src.rpm
       920201 e23f38c9efbde538305abd2f6ac9574b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-3.5.5-9.i586.rpm
       704071 7e46bee4a6d6387621c1a2a3e60966e0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/libtiff-devel-3.5.5-9.i586.rpm
       622416 680c24ba4c5f8b1aed78109e2bea19b6

<Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/libtiff-3.5.5-9.src.rpm
       920201 0d5ff757a07d7ce515232c428b7910fc

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-3.5.5-9.i586.rpm
       704169 4f6c73d033f797fa25869ce8789faa22
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/libtiff-devel-3.5.5-9.i586.rpm
       622233 86e6cd0fe01634d683c8f54899c3884a

References:

CVE
   [CAN-2005-2452]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2452

--------------------------------------------------------------------------
Revision History
    05 Sep 2005 Initial release
--------------------------------------------------------------------------

Copyright(C) 2005 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHB9jK0LzjOqIJMwRAiaEAKCEqzzshNhw9WLOHKkW3qg7C0b0UACeJkro
SUQ2uAxYxQHYMyM6RZWu43k=
=TSXG
-----END PGP SIGNATURE-----