TUCoPS :: Linux :: Ubuntu :: b06-1989.htm

Tiff library vulnerabilities
TIFF library vulnerabilities
TIFF library vulnerabilities




--pf9I7BMVVzbSWLtt
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================Ubuntu Security Notice USN-277-1	       May 03, 2006
tiff vulnerabilities
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for
Ubuntu 5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes, since this library is used
by many client and server applications.

Details follow:

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking an user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.diff.gz 
      Size/MD5:    25844 bf3bb894195ad17e5c860daf0b52e1ce
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.dsc 
      Size/MD5:      681 7ca48c0c729b1ed1eaf448c8f25f3fd9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz 
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_amd64.deb 
      Size/MD5:   172968 2ffca24fa53dc7bfb5c5901e193a104c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_amd64.deb 
      Size/MD5:   459186 3bb686188917d73793abc5f812d388b9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_amd64.deb 
      Size/MD5:   112794 309519051cbeac5ee4970c17c95f873f

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_i386.deb 
      Size/MD5:   155950 dd997be32c7b3379260bf9f9ff9576c8
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_i386.deb 
      Size/MD5:   440500 16622a398c014cf6035494e0ff29d660
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_i386.deb 
      Size/MD5:   103712 fe939d6535627e0fc713fb43fefa399e

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_powerpc.deb 
      Size/MD5:   188176 88838f14d7d5da36f1f403f4c0a39b66
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_powerpc.deb 
      Size/MD5:   463658 3aa8bf134de05702211eafa321b06503
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_powerpc.deb 
      Size/MD5:   114124 de1c205214d625b875ae75c18c18078a

Updated packages for Ubuntu 5.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.diff.gz 
      Size/MD5:    10710 2bd5f0ece5925350446d84ee8189e071
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.dsc 
      Size/MD5:      756 6189550944c0b45fc86c910ed0dbcf26
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz 
      Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_amd64.deb 
      Size/MD5:    47954 af59fddd16097f942f3e0e30191d28d0
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_amd64.deb 
      Size/MD5:   219564 3ed70fe840906f3f2a1c3911a7361e29
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_amd64.deb 
      Size/MD5:   281560 1e221cf189548ff8d6e5d1493800c05d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_amd64.deb 
      Size/MD5:   471914 5736f410bb8db26c4249a4921491be9a
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_amd64.deb 
      Size/MD5:    42792 139dc849797a3d1075afb782d6bd6c70

  i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_i386.deb 
      Size/MD5:    47346 5eddb50954c66c612b7f3512782dda0f
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_i386.deb 
      Size/MD5:   204506 18fdd790464fad763946019e3eacf08d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_i386.deb 
      Size/MD5:   258138 7034f05b5208a7e12d08f0f0f617c267
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_i386.deb 
      Size/MD5:   457970 6ff93fae3665cc4d755e00193bc3878d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_i386.deb 
      Size/MD5:    42792 b8171ab19a074a0bb824bbf9b7e6878c

  powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_powerpc.deb 
      Size/MD5:    49658 ce5d543ec0f79778d91c35621a21cfb2
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_powerpc.deb 
      Size/MD5:   238916 80c0907f7bcc9ce449ab7c290f4de184
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_powerpc.deb 
      Size/MD5:   286772 43624f7226b1b4f7805b6824afabce4d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_powerpc.deb 
      Size/MD5:   472118 0bbe31b13584e60800c85e9a1e2fd462
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_powerpc.deb 
      Size/MD5:    44986 11c16855448a486adbdd3520006845dd

--pf9I7BMVVzbSWLtt
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEWMo7DecnbV4Fd/IRAhDmAKCNhNauuI+MDqv+sP/lmNzVfNhHMgCffObn
vv4bGgX1fhysRugxwZbhcFY=lQfG
-----END PGP SIGNATURE-----

--pf9I7BMVVzbSWLtt--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH