Message-ID: <20060802194842.GK5392@piware.de>
Date: Wed, 2 Aug 2006 21:48:42 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-330-1] tiff vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-330-1            August 02, 2006
tiff vulnerabilities
CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462,
CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libtiff4                                 3.6.1-5ubuntu0.6

Ubuntu 5.10:
  libtiff4                                 3.7.3-1ubuntu1.5

Ubuntu 6.06 LTS:
  libtiff4                                 3.7.4-1ubuntu3.2

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking a user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.

This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.
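
The reason for the reboot, shown as an added example that is not part of the original advisory: processes started before the upgrade keep the replaced library mapped, and Linux flags such mappings as "(deleted)" in /proc/PID/maps. The function names, PIDs and library file names in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running the pre-upgrade libtiff.
# When the package manager replaces a shared object, processes started
# earlier keep the old file mapped; Linux marks such mappings "(deleted)"
# in /proc/PID/maps.

# stale_libtiff_pids [PROC_ROOT]
# Print the PID of every process whose maps file has a libtiff or
# libtiffxx mapping flagged "(deleted)". PROC_ROOT defaults to /proc.
stale_libtiff_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libtiff(xx)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done | sort -n
}

# make_sample_proc DIR
# Build a constructed /proc-like tree (paths and PIDs are made up) so the
# check can be exercised offline.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    # 101: started before the upgrade, still maps the replaced library
    cat > "$1/101/maps" <<'EOF'
08048000-08056000 r-xp 00000000 03:01 1234 /usr/bin/viewer
b7e10000-b7e5a000 r-xp 00000000 03:01 5678 /usr/lib/libtiff.so.4.2.0 (deleted)
EOF
    # 202: started after the upgrade, maps the current file
    cat > "$1/202/maps" <<'EOF'
b7e10000-b7e5a000 r-xp 00000000 03:01 9012 /usr/lib/libtiff.so.4.2.0
EOF
    # 303: holds a different replaced library, must not be reported
    cat > "$1/303/maps" <<'EOF'
b7d00000-b7d20000 r-xp 00000000 03:01 3456 /usr/lib/libpng12.so.0.1.2 (deleted)
EOF
}

# Demo on the constructed tree; on a real host call stale_libtiff_pids alone.
demo=$(mktemp -d)
make_sample_proc "$demo"
echo "stale libtiff PIDs (sample): $(stale_libtiff_pids "$demo" | tr '\n' ' ')"
rm -rf "$demo"
```

Run it as root on a real host so the maps files of other users' processes are readable; any PID it prints needs a restart (or the reboot the notice recommends) before it uses the fixed library.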
