Note: This is an archival copy of Security Sun Alert 201331 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001005.1.
Solaris 8 Operating System
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities exist in the Tag Image File format library (libtiff(3)):
Multiple security vulnerabilities exist in the Tag Image File format library (libtiff(3)) which may affect applications making use of this library. Depending on the individual application, these vulnerabilities may allow a local or remote unprivileged user to cause a Denial of Service (DoS) to the application, or to execute arbitrary code with the privileges of the application.
These issues are described in the following documents:
Sun acknowledges with thanks, Travis Ormandy from the Google Security Team for bringing these issues to our attention.Contributing Factors
These issues can occur in the following releases:
If the described issues have been exploited to cause a Denial of Service (DoS), the affected application will crash, potentially leaving a core file depending on the system configuration.
There are no predictable symptoms that would indicate that these issues have been exploited to execute arbitrary code.Workaround
To work around the described issues, only load images from trusted sources.Resolution
This issue is addressed in the following release:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
02-Sept-2008: Updated Contributing Factors and Resolution sections. Resolved
This solution has no attachment