Re: [SECURITY] [DSA 626-1] New tiff packages fix denial of service

[Martin Schürrer <martin@schuerrer.org>]

Gut, ich erlaube dir herumzuspielen, allerdings mache ja ein Backup vorher  
(hängt auch deine Domain dran, und 2 Backups sind besser als 1)

bei phpmyadmin Username schosting Passwort asdqwe
FTP-Account: bpikl@sc-hosting.de Passwort asdqwe

Code ist von mir, allerdings schon sehr alt, und so schnell wie möglich  
programmiert. Erwarte alles schreckliche.
Es fehlt eine Funktion Subdomains zu verwalten, das Script gibts schon  
lange, nur das Webfrontend fehlt sein immer (Tabelle  
schosting.main.subdomains), also wenn du Lust hast

Bei Fragen entweder mich per ICQ oder E-Mail kontaktieren, beantworte  
alles gerne
Falls du alles neuschreiben willst, die Subdomains members2 existiert dazu.

Am Thu, 6 Jan 2005 15:16:53 +0100 (CET) schrieb Martin Schulze  
<joey@infodrom.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> -  
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 626-1                      
> security@debian.org
> http://www.debian.org/security/                             Martin  
> Schulze
> January 6th, 2005                        
> http://www.debian.org/security/faq
> -  
> --------------------------------------------------------------------------
>
> Package        : tiff
> Vulnerability  : unsanitised input
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-1183
>
> Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image
> File Format library for processing TIFF graphics files.  Upon reading
> a TIFF file it is possible to crash the application, and maybe also to
> execute arbitrary code.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.5.5-6.woody5.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 3.6.1-5.
>
> We recommend that you upgrade your libtiff package.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
>   Source archives:
>
>     http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.dsc
>       Size/MD5 checksum:      637 30abd553c21fae8aa009f64c7d5c5fb7
>     http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.diff.gz
>       Size/MD5 checksum:    37066 4b47449e5c15f5981121d2bb29212fc8
>     http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
>       Size/MD5 checksum:   693641 3b7199ba793dec6ca88f38bb0c8cc4d8
>
>   Alpha architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_alpha.deb
>       Size/MD5 checksum:   141472 2e1246f3ef1525394c8c27b4cf5809f8
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_alpha.deb
>       Size/MD5 checksum:   105420 40ae38e633c220b2d578cc2d21791c11
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_alpha.deb
>       Size/MD5 checksum:   423234 df5bcc13ca6f61c363a452f6752e3e34
>
>   ARM architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_arm.deb
>       Size/MD5 checksum:   117008 f89f5d1545fa5823fdb465cedce10d14
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_arm.deb
>       Size/MD5 checksum:    90708 8d3b23cb9262f295a3c58963ffe33c93
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_arm.deb
>       Size/MD5 checksum:   404256 9af23d64ad58077d4872661bbec90778
>
>   Intel IA-32 architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_i386.deb
>       Size/MD5 checksum:   112096 7c6752fbe95e11b7c67e2bb950b04fa1
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_i386.deb
>       Size/MD5 checksum:    81286 c2e334518bcb0bfcf43b50490704b70c
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_i386.deb
>       Size/MD5 checksum:   386974 75532bb3d037538763707553c306cdbe
>
>   Intel IA-64 architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_ia64.deb
>       Size/MD5 checksum:   158802 7aba7243abdddfc1f1ecf59c60487fa2
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_ia64.deb
>       Size/MD5 checksum:   135648 fac88e6eb25d46a81270d4e1865d5db6
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_ia64.deb
>       Size/MD5 checksum:   446518 c73d407fc0ba4afa22cf31fbe61639a7
>
>   HP Precision architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_hppa.deb
>       Size/MD5 checksum:   128304 d2ee674c359384f1b53ddf9a198863f4
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_hppa.deb
>       Size/MD5 checksum:   107050 9ddc7d795cd6aaf87ab44d4adff17d00
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_hppa.deb
>       Size/MD5 checksum:   420374 4c2afddeb88d91f66672b9419b14e69e
>
>   Motorola 680x0 architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_m68k.deb
>       Size/MD5 checksum:   107306 4d9c44ec8da6315698acc948423380ee
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_m68k.deb
>       Size/MD5 checksum:    80036 9eaa32eb605078c0772deebd35f02b2e
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_m68k.deb
>       Size/MD5 checksum:   380154 9b66e37ff70d402ae699d98d4fcefc39
>
>   Big endian MIPS architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mips.deb
>       Size/MD5 checksum:   124080 f058c706cd24c58aaf26c8a607b5970c
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mips.deb
>       Size/MD5 checksum:    88076 3c84f8da76f29eb167ce233d579a7d46
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mips.deb
>       Size/MD5 checksum:   410788 d17ac2c5788fff8dbcf07bcde307a394
>
>   Little endian MIPS architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mipsel.deb
>       Size/MD5 checksum:   123676 0824a0dbca1c6e3d164d0f6f6895ca91
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mipsel.deb
>       Size/MD5 checksum:    88440 107db6c5e16141137a3f4ca68583050e
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mipsel.deb
>       Size/MD5 checksum:   411380 0c4ecfc18395d97d1043a10e35f28bcb
>
>   PowerPC architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_powerpc.deb
>       Size/MD5 checksum:   116074 b217403c7eb35fc693803eb435597977
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_powerpc.deb
>       Size/MD5 checksum:    89692 e8cb99fb55ede4b7d74f0f2d43efa1f7
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_powerpc.deb
>       Size/MD5 checksum:   402422 7bc2f2471f7c1bb6c7b259cda3844359
>
>   IBM S/390 architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_s390.deb
>       Size/MD5 checksum:   116944 654854ff01018ec39fbb459c2264dee2
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_s390.deb
>       Size/MD5 checksum:    92028 e3737813924d9c647e9b8ff9239dfdce
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_s390.deb
>       Size/MD5 checksum:   395354 54a156b1986175fc95e747fd95e281aa
>
>   Sun Sparc architecture:
>
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_sparc.deb
>       Size/MD5 checksum:   132914 677d66df3e0190f1a08e09093d136f66
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_sparc.deb
>       Size/MD5 checksum:    88834 24e946dce29d51cc920cb7237749e195
>     http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_sparc.deb
>       Size/MD5 checksum:   397052 367b1261c62cd443cbfa5114b05ad593
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> -  
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security  
> dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFB3UhVW5ql+IAeqTIRAq4dAKCyrNZg85FFGDuRPItELT/rqfeuogCePtjC
> fX34XkVe2J5lRCpNBBKTHA0=
> =EC1N
> -----END PGP SIGNATURE-----