Linux vendors are issuing patches for several serious bugs affecting an imaging component, a pdf viewer, two widely used media players and the Shoutcast audio server.
The bugs could leave Linux users vulnerable to attack when they view tiff images or pdf files, view remote media content or when the Shoutcast server accepts maliciously-crafted requests.
The LibTiff library, which supports tiff images in various Linux applications, is affected by two separate integer overflows, researchers said, in the "tiffFetchStripThing()" and "CheckMalloc()" functions. Both could allow an attacker to execute malicious code when a specially crafted tiff image is viewed in an application that uses the library.
The first vulnerability was confirmed in LibTiff version 3.6.1, and the second in versions 3.5.7 and 3.7.0, but other versions may also be affected. Version 3.7.1, available here, fixes the bugs. Both were originally reported by iDefense just before Christmas, and a number of Linux vendors have issued customised patches for the affected software. Independent security firm Secunia gave the bugs a "highly critical" rating.
At the same time, iDefense reported a vulnerability in xpdf, an application used for viewing pdf files in Linux. In xpdf version 3.00, a boundary error could be exploited via a specially crafted pdf file to execute malicious code on a user's system, iDefense said. Patches are available from various Linux vendors. Secunia gave the vulnerability a "highly critical" rating.
The mplayer media player has five separate bugs, any of which could be used to compromise a system via specially crafted files or parameters, according to an advisory from Secunia. The bugs are fixed in version 1.0pre5try2, available from the mplayer website and from Linux vendors.
Two similar bugs were discovered in xine, a cross-platform media player, as reported by iDefense. Both can allow an attacker to execute malicious code on a desktop by luring a user to a malicious server using the PNM streaming media protocol. Secunia gave the bugs a "highly critical" rating.
Shoutcast warned of a bug in its media server when processing requested filenames. An attacker could execute malicious code on a Linux server by sending a specially crafted HTTP request to the Shoutcast software. The bug affects the version 1.9.4 of the Linux server, and possibly earlier versions; it is fixed in version 1.9.5, available here and from several Linux vendors. Secunia's advisory ranked the bugs as "highly critical".