---

Advisories, August 4, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1135-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 2nd, 2006 http://www.debian.org/security/faq


Package : libtunepimp
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3600
BugTraq ID : 18961
Debian Bug : 378091

Kevin Kofler discovered several stack-based buffer overflows in
the LookupTRM::lookup function in libtunepimp, a MusicBrainz
tagging library, which allow remote attackers to cause a denial of
service or execute arbitrary code.

For the stable distribution (sarge) these problems have been
fixed in version 0.3.0-3sarge2.

For the unstable distribution (sid) these problems have been
fixed in version 0.4.2-4.

We recommend that you upgrade your libtunepimp packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1136-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 2nd, 2006 http://www.debian.org/security/faq


Package : gpdf
Vulnerability : wrong input sanitising
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-2097
BugTraq ID : 14529
Debian Bug : 334454

“infamous41md” and Chris Evans discovered several heap-based
buffer overflows in xpdf, the Portable Document Format (PDF) suite,
which are also present in gpdf, the viewer with Gtk bindings, and
which can lead to a denial of service by crashing the application
or possibly to the execution of arbitrary code.

For the stable distribution (sarge) these problems have been
fixed in version 2.8.2-1.2sarge5.

For the unstable distribution (sid) these problems have been
fixed in version 2.10.0-4.

We recommend that you upgrade your gpdf package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1137-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 2nd, 2006 http://www.debian.org/security/faq


Package : tiff
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2006-3459 CVE-2006-3460 CVE-2006-3461 CVE-2006-3462
CVE-2006-3463 CVE-2006-3464 CVE-2006-3465

Tavis Ormandy of the Google Security Team discovered several
problems in the TIFF library. The Common Vulnerabilities and
Exposures project identifies the following issues:

CVE-2006-3459

Several stack-buffer overflows have been discovered.

CVE-2006-3460

A heap overflow vulnerability in the JPEG decoder may overrun a
buffer with more data than expected.

CVE-2006-3461

A heap overflow vulnerability in the PixarLog decoder may allow
an attacker to execute arbitrary code.

CVE-2006-3462

A heap overflow vulnerability has been discovered in the NeXT
RLE decoder.

CVE-2006-3463

A loop was discovered where a 16-bit unsigned short was used to
iterate over a 32-bit unsigned value, so that the loop would never
terminate.

CVE-2006-3464

Multiple unchecked arithmetic operations were uncovered,
including a number of the range checking operations designed to
ensure the offsets specified in TIFF directories are
legitimate.

CVE-2006-3465

A flaw was also uncovered in libtiff's custom tag support which
may result in abnormal behaviour, crashes, or potentially arbitrary
code execution.
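
The counter-width loop (CVE-2006-3463) and the unchecked offset arithmetic (CVE-2006-3464) described above, as a C illustration added here. It is not libtiff code: every function name, parameter and sample value below is constructed for the example, and the loops carry a step budget so the demonstration always finishes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* --- Counter narrower than its bound (the CVE-2006-3463 bug class) --- */

/* Flawed pattern: a 16-bit index compared against a 32-bit bound.
 * When count > 65535 the index wraps from 65535 back to 0 and the
 * condition never becomes false. `budget` caps the steps so that this
 * demonstration returns; a real loop would have no such cap. */
static uint64_t steps_with_u16_counter(uint32_t count, uint64_t budget)
{
    uint64_t steps = 0;
    uint16_t i;

    for (i = 0; i < count; i++) {
        if (++steps >= budget)
            break;              /* only reached when the loop cannot end */
    }
    return steps;
}

/* Corrected pattern: the index has the same width as the bound. */
static uint64_t steps_with_u32_counter(uint32_t count, uint64_t budget)
{
    uint64_t steps = 0;
    uint32_t i;

    for (i = 0; i < count; i++) {
        if (++steps >= budget)
            break;
    }
    return steps;
}

/* --- Range check built on unchecked arithmetic (CVE-2006-3464 class) --- */

/* Flawed check: both the multiplication and the addition are done
 * modulo 2^32, so a huge count or offset can wrap to a small value
 * and pass the comparison. */
static bool range_ok_unchecked(uint32_t offset, uint32_t count,
                               uint32_t elem_size, uint32_t file_size)
{
    return offset + count * elem_size <= file_size;
}

/* Corrected check: rearranged so that no intermediate result can wrap.
 * Subtraction is safe once offset <= file_size has been established,
 * and the division replaces the overflowing multiplication. */
static bool range_ok_checked(uint32_t offset, uint32_t count,
                             uint32_t elem_size, uint32_t file_size)
{
    if (offset > file_size)
        return false;
    if (elem_size != 0 && count > (file_size - offset) / elem_size)
        return false;
    return true;
}

int main(void)
{
    const uint64_t budget = 1000000;     /* constructed step limit */
    const uint32_t file_size = 1024;     /* constructed file length */

    printf("u16 counter, count=65536: %llu steps (budget hit)\n",
           (unsigned long long)steps_with_u16_counter(65536, budget));
    printf("u32 counter, count=65536: %llu steps\n",
           (unsigned long long)steps_with_u32_counter(65536, budget));

    /* Constructed entry: 0x40000001 elements of 4 bytes at offset 16.
     * 0x40000001 * 4 wraps to 4, so the flawed check sees 20 <= 1024. */
    printf("unchecked accepts wrapped entry: %d\n",
           range_ok_unchecked(16, 0x40000001u, 4, file_size));
    printf("checked accepts wrapped entry:   %d\n",
           range_ok_checked(16, 0x40000001u, 4, file_size));
    return 0;
}
```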

For the stable distribution (sarge) these problems have been
fixed in version 3.7.2-7.

For the unstable distribution (sid) these problems have been
fixed in version 3.8.2-6.

We recommend that you upgrade your libtiff packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution
on
