Apple Computer Inc.

Notified:  January 21, 2005 Updated: May 05, 2005

Status

  Vulnerable

Vendor Statement

This is addressed in Security Update 2005-005. Further information is available at: http://docs.info.apple.com/article.html?artnum=301528.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Conectiva

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Cray Inc.

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Debian

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

EMC Corporation

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Engarde

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

F5 Networks

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

FreeBSD

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Fujitsu

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hewlett-Packard Company

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hitachi

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM eServer

Notified:  January 21, 2005 Updated: February 02, 2005

Status

  Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID= In order to access this information you will require a Resource Link ID.To subscribe to Resource Link go to http://app-06.www.ibm.com/servers/resourcelink and follow the steps for registration.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM-zSeries

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Immunix

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Ingrian Networks

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Juniper Networks

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MandrakeSoft

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Microsoft Corporation

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MontaVista Software

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NEC Corporation

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NetBSD

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nokia

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Novell

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

OpenBSD

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Openwall GNU/*/Linux

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Red Hat Inc.

Notified:  January 21, 2005 Updated: August 23, 2005

Status

  Vulnerable

Vendor Statement

This flaw was fixed as part of the update for CVE name CAN-2004-0886. Updates are available for Red Hat Enterprise Linux 3 and 2.1 to correct this issue. New libtiff packages along with our advisory are available at the URL below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2004-577.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO Linux

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO Unix

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sequent

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SGI

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sony Corporation

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sun Microsystems Inc.

Notified:  January 21, 2005 Updated: February 02, 2005

Status

  Vulnerable

Vendor Statement

Sun is affected by this libtiff vulnerability (CERT VU#539110) which corresponds to CVE CAN-2004-1307 and is also affected by the following libtiff vulnerabilities: CAN-2004-1308 (CERT VU#125598), CAN-2004-0803, CAN-2004-0804, and CAN-2004-0886. The following libraries in Solaris are affected: Solaris 7, 8, 9 - OpenWindows /usr/openwin/lib/libtiff.so.3 Solaris 9 - Sun Freeware /usr/sfw/lib/libtiff.so.3 The libtiff.so library in the Sun Java Desktop System (JDS) is affected by this issue in JDS release 2003 and JDS release 2. Sun is generating patches to update libtiff to v3.7.1 for the above affected libraries and will be publishing Sun Alerts for these libtiff vulnerabilities shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SuSE Inc.

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

TurboLinux

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Unisys

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Wind River Systems Inc.

Notified:  January 21, 2005 Updated: January 24, 2005

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

View all 37 vendors View less vendors