lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060503152027.GB5671@piware.de>
Date: Wed May  3 16:20:29 2006
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-277-1] TIFF library vulnerabilities

===========================================================
Ubuntu Security Notice USN-277-1	       May 03, 2006
tiff vulnerabilities
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for
Ubuntu 5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes, since this library is used
by many client and server applications.

Details follow:

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking an user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.diff.gz
      Size/MD5:    25844 bf3bb894195ad17e5c860daf0b52e1ce
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.dsc
      Size/MD5:      681 7ca48c0c729b1ed1eaf448c8f25f3fd9
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_amd64.deb
      Size/MD5:   172968 2ffca24fa53dc7bfb5c5901e193a104c
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_amd64.deb
      Size/MD5:   459186 3bb686188917d73793abc5f812d388b9
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_amd64.deb
      Size/MD5:   112794 309519051cbeac5ee4970c17c95f873f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_i386.deb
      Size/MD5:   155950 dd997be32c7b3379260bf9f9ff9576c8
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_i386.deb
      Size/MD5:   440500 16622a398c014cf6035494e0ff29d660
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_i386.deb
      Size/MD5:   103712 fe939d6535627e0fc713fb43fefa399e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_powerpc.deb
      Size/MD5:   188176 88838f14d7d5da36f1f403f4c0a39b66
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_powerpc.deb
      Size/MD5:   463658 3aa8bf134de05702211eafa321b06503
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_powerpc.deb
      Size/MD5:   114124 de1c205214d625b875ae75c18c18078a

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.diff.gz
      Size/MD5:    10710 2bd5f0ece5925350446d84ee8189e071
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.dsc
      Size/MD5:      756 6189550944c0b45fc86c910ed0dbcf26
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz
      Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_amd64.deb
      Size/MD5:    47954 af59fddd16097f942f3e0e30191d28d0
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_amd64.deb
      Size/MD5:   219564 3ed70fe840906f3f2a1c3911a7361e29
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_amd64.deb
      Size/MD5:   281560 1e221cf189548ff8d6e5d1493800c05d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_amd64.deb
      Size/MD5:   471914 5736f410bb8db26c4249a4921491be9a
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_amd64.deb
      Size/MD5:    42792 139dc849797a3d1075afb782d6bd6c70

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_i386.deb
      Size/MD5:    47346 5eddb50954c66c612b7f3512782dda0f
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_i386.deb
      Size/MD5:   204506 18fdd790464fad763946019e3eacf08d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_i386.deb
      Size/MD5:   258138 7034f05b5208a7e12d08f0f0f617c267
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_i386.deb
      Size/MD5:   457970 6ff93fae3665cc4d755e00193bc3878d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_i386.deb
      Size/MD5:    42792 b8171ab19a074a0bb824bbf9b7e6878c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_powerpc.deb
      Size/MD5:    49658 ce5d543ec0f79778d91c35621a21cfb2
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_powerpc.deb
      Size/MD5:   238916 80c0907f7bcc9ce449ab7c290f4de184
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_powerpc.deb
      Size/MD5:   286772 43624f7226b1b4f7805b6824afabce4d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_powerpc.deb
      Size/MD5:   472118 0bbe31b13584e60800c85e9a1e2fd462
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_powerpc.deb
      Size/MD5:    44986 11c16855448a486adbdd3520006845dd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060503/b59a30ea/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ