Message-ID: <20060802194842.GK5392@piware.de>
Date: Wed, 2 Aug 2006 21:48:42 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-330-1] tiff vulnerabilities
===========================================================
Ubuntu Security Notice USN-330-1 August 02, 2006
tiff vulnerabilities
CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462,
CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libtiff4 3.6.1-5ubuntu0.6
Ubuntu 5.10:
libtiff4 3.7.3-1ubuntu1.5
Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.2
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking a user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.
This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.
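
The reboot advice exists because a process that loaded libtiff before the upgrade keeps the old copy mapped; Linux shows such a replaced file as "(deleted)" in /proc/<pid>/maps. The script below is an added example, not part of the original advisory, that lists those processes; the function names and the libtiff file-name pattern are assumptions of this example, and reading other users' maps files requires root.

```shell
#!/bin/sh
# Added example: find processes still running a replaced libtiff copy.

# stale_libtiff_in_maps FILE
# FILE is in /proc/<pid>/maps format. Prints each distinct libtiff path
# whose mapping is marked "(deleted)". Returns 0 if any was found, else 1.
stale_libtiff_in_maps() {
    awk '
        # fields: range perms offset dev inode pathname [(deleted)]
        $NF == "(deleted)" && $(NF-1) ~ /\/libtiff(xx)?\.so[.0-9]*$/ {
            if (!seen[$(NF-1)]++) print $(NF-1)
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# scan_procs [PROC_ROOT]
# Walks the numeric directories under PROC_ROOT (default /proc) and prints
# "pid command stale-path" for every process that needs a restart.
# Returns 0 if at least one such process exists, else 1.
scan_procs() {
    root=${1:-/proc}
    rc=1
    for dir in "$root"/[0-9]*; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$dir/maps" ] || continue
        paths=$(stale_libtiff_in_maps "$dir/maps") || continue
        comm=$(cat "$dir/comm" 2>/dev/null || echo "?")
        for p in $paths; do
            printf '%s %s %s\n' "${dir##*/}" "$comm" "$p"
        done
        rc=0
    done
    return $rc
}

# Run the scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    scan_procs
fi
```

An empty result after the upgrade means no inspected process still maps the old library; any listed process has to be restarted (or the machine rebooted) before it uses the fixed code.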