| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041222132002.GA17143@box79162.elkhouse.de>
Date: Wed, 22 Dec 2004 14:20:02 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: [USN-46-1] TIFF library vulnerability
===========================================================
Ubuntu Security Notice USN-46-1 December 22, 2004
tiff vulnerability
CAN-2004-1308
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libtiff4
The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A buffer overflow was discovered in the TIFF library. A TIFF file
includes a value indicating the number of "directory entry" header
fields contained in the file. If this value is -1, an invalid memory
allocation was performed. A malicious image could be constructed
which, when decoded, would have resulted in execution of arbitrary
code with the privileges of the process using the library.
Since this library is used in many applications like "ghostscript" and
the "CUPS" printing system, this vulnerability may lead to remotely
induced privilege escalation.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.1.diff.gz
Size/MD5: 22770 6763905425507303c628d773cee68cd1
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.1.dsc
Size/MD5: 646 9382dd270ae226e5f2a404006d78db47
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_amd64.deb
Size/MD5: 172868 dc56a896377bdb6cc10ff8038aaf33da
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_amd64.deb
Size/MD5: 458450 7f607e3b97fb5bcdd5da37f4f44d9ae2
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_amd64.deb
Size/MD5: 111346 62e90ecdbf07bf0c571728890fa26e23
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_i386.deb
Size/MD5: 157252 940f8a1884509bc892eca7b26ea67d6c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_i386.deb
Size/MD5: 439610 3881385ae3ba4d84837a6912bd38f946
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_i386.deb
Size/MD5: 102238 d3b3a7afde8e221b801ba619139ce09e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_powerpc.deb
Size/MD5: 187880 7373d1bbd48331f917a8b6132368bb6d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_powerpc.deb
Size/MD5: 462496 6e7a942d020ffba8c3abef047e550fea
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_powerpc.deb
Size/MD5: 112420 6424b25afbd913496f49c7eb4f96ca77
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
Powered by blists - more mailing lists