Message-ID: <20060608115645.GE5127@piware.de>
Date: Thu, 8 Jun 2006 13:56:45 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-289-1] tiff vulnerabilities
===========================================================
Ubuntu Security Notice USN-289-1 June 08, 2006
tiff vulnerabilities
CVE-2006-2193, CVE-2006-2656
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libtiff-tools 3.6.1-5ubuntu0.5

Ubuntu 5.10:
  libtiff-tools 3.7.3-1ubuntu1.4

Ubuntu 6.06 LTS:
  libtiff-tools 3.7.4-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow has been found in the tiff2pdf utility. By tricking
a user into processing a specially crafted TIF file with tiff2pdf,
this could potentially be exploited to execute arbitrary code with the
privileges of the user. (CVE-2006-2193)

A. Alejandro Hernández discovered a buffer overflow in the tiffsplit
utility. By calling tiffsplit with specially crafted long arguments,
a user can execute arbitrary code. If tiffsplit is used in e.g. a
web-based frontend or similar automated system, this could lead to
remote arbitrary code execution with the privileges of that system. (In
normal interactive command line usage this is not a vulnerability.)
(CVE-2006-2656)

Updated packages for Ubuntu 5.04:
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS: