lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050106173756.GA9434@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-54-1] TIFF library tool vulnerability

===========================================================
Ubuntu Security Notice USN-54-1		   January 06, 2005
tiff vulnerability
CAN-2004-1183
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libtiff-tools

The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.2.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Dmitry V. Levin discovered a buffer overflow in the "tiffdump"
utility. If an attacker tricked a user into processing a malicious
TIFF image with tiffdump, they could cause a buffer overflow which at
least causes the program to crash. However, it is not entirely clear
whether this can be exploited to execute arbitrary code with the
privileges of the user opening the image.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.2.diff.gz
      Size/MD5:    22999 d884251e847a11301f8336b8d9f50e0f
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.2.dsc
      Size/MD5:      646 7e0d3bb9141233f29e2b5999523882bd
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_amd64.deb
      Size/MD5:   172900 15c92000db5d6efe06dc5be73a3471e2
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_amd64.deb
      Size/MD5:   458416 8f3a4d1bcba9de0b9004f8a9c1103632
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_amd64.deb
      Size/MD5:   111440 df967606c94b419508c00b9e3194485d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_i386.deb
      Size/MD5:   157260 d416a9e23840613a706f8196879614b3
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_i386.deb
      Size/MD5:   439598 87e32a85649ca58ebccf55b751297bb5
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_i386.deb
      Size/MD5:   102336 f2019f1620310fa2a5d5c59ccabab0fe

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_powerpc.deb
      Size/MD5:   187884 1c1173ba8723d03239399175a7e41566
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_powerpc.deb
      Size/MD5:   462478 0fe172d4ecc90f985df90f9a551faa52
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_powerpc.deb
      Size/MD5:   112518 80f528b39a9d230e20591337df3d556e
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050106/15b0a41b/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ