Mikulas Patocka <[email protected]> schrieb:
> Hi
>
> There is a security bug in Debian Squeeze libtiff 3.9.4-5+sq.
>
> When loading corrupted images and with ElectricFence memory debugging
> enabled, programs using libtiff crash.
>
> How to reproduce: Download corrupted images from here:
> http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/
>
> These tiff images were created by running fsfuzzer
> (http://people.redhat.com/sgrubb/files/fsfuzzer-0.7.tar.gz) over normal
> valid tiff images.
>
> Install electric-fence package from Debian.
>
> Run programs that use libtiff with electric fence, for example:
>
> LD_PRELOAD=/usr/lib/libefence.so links2 -g tiff1.tif
>
> LD_PRELOAD=/usr/lib/libefence.so xloadimage tiff1.tif
>
> LD_PRELOAD=/usr/lib/libefence.so xpaint tiff1.tif
>
> All the programs crash in TIFFReadDirectory (I tested it on amd64) --- so
> it is a bug in libtiff.
>
>
> I reproduced this bug on upstream libtiff 3.9.4, but couldn't reproduce it
> on 3.9.5, 3.9.6 or 4.0.1 --- so the bug was fixed upstream and Debian
> didn't backport it.
>
>
> BTW. how does Debian security deal with the ia32-libs package? There is a
> 32-bit version of libtiff in the package ia32-libs in
> /usr/lib32/libtiff.so.4.3.3 and it seems that it isn't being updated it at
> all !
Please file a bug against the tiff package.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
