[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060503152027.GB5671@piware.de>
Date: Wed, 3 May 2006 17:20:27 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-277-1] TIFF library vulnerabilities
===========================================================
Ubuntu Security Notice USN-277-1 May 03, 2006
tiff vulnerabilities
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libtiff4
The problem can be corrected by upgrading the affected package to
version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for
Ubuntu 5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes, since this library is used
by many client and server applications.
Details follow:
Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking an user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.diff.gz
Size/MD5: 25844 bf3bb894195ad17e5c860daf0b52e1ce
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.dsc
Size/MD5: 681 7ca48c0c729b1ed1eaf448c8f25f3fd9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_amd64.deb
Size/MD5: 172968 2ffca24fa53dc7bfb5c5901e193a104c
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_amd64.deb
Size/MD5: 459186 3bb686188917d73793abc5f812d388b9
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_amd64.deb
Size/MD5: 112794 309519051cbeac5ee4970c17c95f873f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_i386.deb
Size/MD5: 155950 dd997be32c7b3379260bf9f9ff9576c8
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_i386.deb
Size/MD5: 440500 16622a398c014cf6035494e0ff29d660
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_i386.deb
Size/MD5: 103712 fe939d6535627e0fc713fb43fefa399e
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_powerpc.deb
Size/MD5: 188176 88838f14d7d5da36f1f403f4c0a39b66
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_powerpc.deb
Size/MD5: 463658 3aa8bf134de05702211eafa321b06503
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_powerpc.deb
Size/MD5: 114124 de1c205214d625b875ae75c18c18078a
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.diff.gz
Size/MD5: 10710 2bd5f0ece5925350446d84ee8189e071
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.dsc
Size/MD5: 756 6189550944c0b45fc86c910ed0dbcf26
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz
Size/MD5: 1268182 48fbef3d76a6253699f28f49c8f25a8b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_amd64.deb
Size/MD5: 47954 af59fddd16097f942f3e0e30191d28d0
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_amd64.deb
Size/MD5: 219564 3ed70fe840906f3f2a1c3911a7361e29
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_amd64.deb
Size/MD5: 281560 1e221cf189548ff8d6e5d1493800c05d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_amd64.deb
Size/MD5: 471914 5736f410bb8db26c4249a4921491be9a
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_amd64.deb
Size/MD5: 42792 139dc849797a3d1075afb782d6bd6c70
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_i386.deb
Size/MD5: 47346 5eddb50954c66c612b7f3512782dda0f
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_i386.deb
Size/MD5: 204506 18fdd790464fad763946019e3eacf08d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_i386.deb
Size/MD5: 258138 7034f05b5208a7e12d08f0f0f617c267
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_i386.deb
Size/MD5: 457970 6ff93fae3665cc4d755e00193bc3878d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_i386.deb
Size/MD5: 42792 b8171ab19a074a0bb824bbf9b7e6878c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_powerpc.deb
Size/MD5: 49658 ce5d543ec0f79778d91c35621a21cfb2
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_powerpc.deb
Size/MD5: 238916 80c0907f7bcc9ce449ab7c290f4de184
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_powerpc.deb
Size/MD5: 286772 43624f7226b1b4f7805b6824afabce4d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_powerpc.deb
Size/MD5: 472118 0bbe31b13584e60800c85e9a1e2fd462
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_powerpc.deb
Size/MD5: 44986 11c16855448a486adbdd3520006845dd
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists