LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ubuntu alert USN-1416-1 (tiff)



From:
    	      Marc Deslauriers <marc.deslauriers@canonical.com> 


To:
    	      ubuntu-security-announce@lists.ubuntu.com 


Subject:
    	      [USN-1416-1] tiff vulnerabilities 


Date:
    	      Wed, 04 Apr 2012 17:21:47 -0400


Message-ID:
    	      <1333574507.22169.47.camel@mdlinux>


Archive-link:
    	      Article, Thread
              


==========================================================================
Ubuntu Security Notice USN-1416-1
April 04, 2012

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

The TIFF library could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

Alexander Gavrun discovered that the TIFF library incorrectly allocated
space for a tile. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. (CVE-2012-1173)

It was discovered that the tiffdump utility incorrectly handled directory
data structures with many directory entries. If a user or automated system
were tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service, or possibly
execute arbitrary code with user privileges. This issue only applied to
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
(CVE-2010-4665)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libtiff4                        3.9.5-1ubuntu1.1

Ubuntu 11.04:
  libtiff4                        3.9.4-5ubuntu6.1

Ubuntu 10.10:
  libtiff4                        3.9.4-2ubuntu0.5

Ubuntu 10.04 LTS:
  libtiff4                        3.9.2-2ubuntu0.8

Ubuntu 8.04 LTS:
  libtiff4                        3.8.2-7ubuntu3.10

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-1416-1
  CVE-2010-4665, CVE-2012-1173

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.1
  https://launchpad.net/ubuntu/+source/tiff/3.9.4-2ubuntu0.5
  https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.8
  https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.10


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds