Hi

There is a security bug in Debian Squeeze libtiff 3.9.4-5+sq.

When loading corrupted images and with ElectricFence memory debugging enabled, programs using libtiff crash.

How to reproduce:

Download corrupted images from here:
http://artax.karlin.mff.cuni.cz/~mikulas/debian-libtiff-bug/

These tiff images were created by running fsfuzzer (http://people.redhat.com/sgrubb/files/fsfuzzer-0.7.tar.gz) over normal valid tiff images.

Install the electric-fence package from Debian.

Run programs that use libtiff with electric fence, for example:

    LD_PRELOAD=/usr/lib/libefence.so links2 -g tiff1.tif
    LD_PRELOAD=/usr/lib/libefence.so xloadimage tiff1.tif
    LD_PRELOAD=/usr/lib/libefence.so xpaint tiff1.tif

All the programs crash in TIFFReadDirectory (I tested it on amd64) --- so it is a bug in libtiff.

I reproduced this bug on upstream libtiff 3.9.4, but couldn't reproduce it on 3.9.5, 3.9.6 or 4.0.1 --- so the bug was fixed upstream and Debian didn't backport it.

BTW, how does Debian security deal with the ia32-libs package? There is a 32-bit version of libtiff in the package ia32-libs in /usr/lib32/libtiff.so.4.3.3 and it seems that it isn't being updated at all!

Mikulas
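
A small triage harness for the reproduction steps above, as an added example that is not part of the original message: it runs a program on each file with Electric Fence preloaded and turns the exit status into a verdict. The function names and the timeout value are assumptions; the library path and xloadimage are taken from the report.

```shell
#!/bin/sh
# Added example, not from the original report.
# EFENCE defaults to the path used in the report; override via the environment.
EFENCE="${EFENCE-/usr/lib/libefence.so}"
# Assumed value: image viewers stay open on a good file, so they must be stopped.
TIMEOUT="${TIMEOUT:-10}"

# Map an exit status to a verdict. A process killed by signal N is reported
# as 128+N; timeout(1) returns 124 when it had to stop the program itself.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        124) echo "no-crash-before-timeout" ;;
        134) echo "crash:SIGABRT" ;;
        135) echo "crash:SIGBUS" ;;
        139) echo "crash:SIGSEGV" ;;
        *)   if [ "$1" -gt 128 ]; then
                 echo "crash:signal-$(( $1 - 128 ))"
             else
                 echo "error-exit:$1"
             fi ;;
    esac
}

# run_one FILE CMD [ARGS...]
# Runs "CMD ARGS FILE" with Electric Fence preloaded into CMD only (not into
# timeout itself) and prints the verdict. Safe to call under "set -e".
run_one() {
    file=$1; shift
    status=0
    timeout "$TIMEOUT" env LD_PRELOAD="$EFENCE" "$@" "$file" \
        >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Usage: sh triage.sh tiff1.tif tiff2.tif ...
# Uses xloadimage from the report, which needs a display to run.
for f in "$@"; do
    printf '%s\t%s\n' "$f" "$(run_one "$f" xloadimage)"
done
```

A "no-crash-before-timeout" verdict only means the program was still running when the timer expired; rerun the file by hand before treating it as unaffected.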

