On September 14, October 25, the Linux manufacturer was attacked by two new security viruses. A series of graphics decoders and Gaim instant messaging clients were all affected.
According to RedHat, the biggest Linux developer, hackers have begun to use spoofed emails to target the company's users. The spoofing method is roughly the same as that used to attack Windows.
The attacked Gaim and libtiff are used by multiple Linux graphics programs to decode tiff images. Last week, a series of serious viruses also occurred, affecting Linux libpng, Xpdf, and Cups.
Researchers Chris Evans disclosed a series of boundary errors that affect libtiff's RLE decoding parts and generate a large number of buffer overflow. Malicious hackers can exploit these vulnerabilities to attack other users.
Evans said that the vulnerabilities he disclosed may be only the tip of the iceberg, but there may be many other vulnerabilities that have not been disclosed. Unfortunately, due to the large scale of libtiff, only limited scanning of vulnerabilities is possible. These vulnerabilities may represent other viruses.
Novell's Suse Linux and RedHat both proposed libtiff over the weekend and released related patches.