
Re: A security bug in Debian Squeeze libtiff (+ non-updated ia32-libs??)



Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz> wrote:
> Hi
>
> There is a security bug in Debian Squeeze libtiff 3.9.4-5+sq.
>
> When loading corrupted images and with ElectricFence memory debugging 
> enabled, programs using libtiff crash.
>
> How to reproduce: Download corrupted images from here: 
> http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/
>
> These tiff images were created by running fsfuzzer 
> (http://people.redhat.com/sgrubb/files/fsfuzzer-0.7.tar.gz) over normal 
> valid tiff images.
>
> Install electric-fence package from Debian.
>
> Run programs that use libtiff with electric fence, for example:
>
> LD_PRELOAD=/usr/lib/libefence.so links2 -g tiff1.tif
>
> LD_PRELOAD=/usr/lib/libefence.so xloadimage tiff1.tif
>
> LD_PRELOAD=/usr/lib/libefence.so xpaint tiff1.tif
>
> All the programs crash in TIFFReadDirectory (I tested it on amd64) --- so 
> it is a bug in libtiff.
>
>
> I reproduced this bug on upstream libtiff 3.9.4, but couldn't reproduce it 
> on 3.9.5, 3.9.6 or 4.0.1 --- so the bug was fixed upstream and Debian 
> didn't backport it.
>
>
> BTW. how does Debian security deal with the ia32-libs package? There is a 
> 32-bit version of libtiff in the package ia32-libs in 
> /usr/lib32/libtiff.so.4.3.3 and it seems that it isn't being updated at
> all!

Please file a bug against the tiff package.

Cheers,
        Moritz

