Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Ubuntu :: b06-2827.htm

Tiff vulnerabilities

tiff vulnerabilities
tiff vulnerabilities

Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-289-1              June 08, 2006
tiff vulnerabilities
CVE-2006-2193, CVE-2006-2656
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libtiff-tools                  3.6.1-5ubuntu0.5

Ubuntu 5.10:
  libtiff-tools                  3.7.3-1ubuntu1.4

Ubuntu 6.06 LTS:
  libtiff-tools                  3.7.4-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A buffer overflow has been found in the tiff2pdf utility. By tricking
an user into processing a specially crafted TIF file with tiff2pdf,
this could potentially be exploited to execute arbitrary code with the
privileges of the user. (CVE-2006-2193)

A. Alejandro Hern=E1ndez discovered a buffer overflow in the tiffsplit
utility. By calling tiffsplit with specially crafted long arguments,
an user can execute arbitrary code.  If tiffsplit is used in e. g.  a
web-based frontend or similar automated system, this could lead to
remote arbitary code execution with the privileges of that system. (In
normal interactive command line usage this is not a vulnerability.)

Updated packages for Ubuntu 5.04:

  Source archives: 
      Size/MD5:    26319 e6f75f611b9c77ce07cb2cf513f654ad 
      Size/MD5:      681 57c2c112da454d86f49d8bf2e8e16d9b 
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:   172880 e890e7578915c4613cd7a74b184445bd 
      Size/MD5:   459208 8817f18ad3ae963b4a74c716cf7bf0b8 
      Size/MD5:   112968 5646656fd78c0ff663866e74977bf78e

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:   155968 27e009d03b6a5d9a93eabde478dc9b1c 
      Size/MD5:   440508 f484f7e00cb7240a9c6f860ec5de9ade 
      Size/MD5:   103886 0388682d81cc301ef2b83a4f4438a05c

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:   188188 6316125bd4d1a540957aa0cc9c60fa8d 
      Size/MD5:   463674 8f080f57ffc4cb3a0f116ce7c353c381 
      Size/MD5:   114370 971a6be7879aaf5d92b55951b7cdd141

Updated packages for Ubuntu 5.10:

  Source archives: 
      Size/MD5:    11378 17db8270668b8b0eefceb0d27e14bd11 
      Size/MD5:      756 218a54ab0966c1b6204b27343b916093 
      Size/MD5:  1268182 48fbef3d76a6253699f28f49c8f25a8b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:    48184 eed2ddb6187b1717db2de95dbc590ec6 
      Size/MD5:   219688 79d9cf71f16a3a95c54b481bca648eab 
      Size/MD5:   281702 b5b1b261be7c047c3be3eeb2f8398b8a 
      Size/MD5:   472142 9cac886846d30589b05802fcc6e01f67 
      Size/MD5:    43014 1b71df913359a6b0bdd8d6ebb3e33d7a

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:    47562 0e08f054ec20d4e82d3d3f67cd384e69 
      Size/MD5:   204690 278bc83c4fcc7701a7a25719b96a0a8d 
      Size/MD5:   258346 46cff7452dbef76566b49220634f5d49 
      Size/MD5:   458214 e0920dc944d05da1b010137cf0e4ed2f 
      Size/MD5:    43012 749bfc0eeccb0b2b610751163b3cda3d

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:    49880 6697a3b6fd7a52042a85b527951c2b1a 
      Size/MD5:   239116 8dd87fa3c6922a4e3a3fb5bf8317af09 
      Size/MD5:   286920 4531728171c4d58b730d84cd2999ddba 
      Size/MD5:   472346 b9bbe1b684162fada01c1487876da1ba 
      Size/MD5:    45220 17c2240ce41c10b277c19e01772890c4

Updated packages for Ubuntu 6.06 LTS:

  Source archives: 
      Size/MD5:    12974 fc61d9c72ecb96537be551c94930d3af 
      Size/MD5:      758 5c352bc41e1f36e30a94796f3b7e5275 
      Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

  amd64 architecture (Athlon64, Opteron, EM64T Xeon) 
      Size/MD5:    49204 f890a4aee050bd6c6f2269a2a10c4d2b 
      Size/MD5:   220242 67ffe0fd5e4177ae4311e104aa4289f6 
      Size/MD5:   281250 531b751daf7c8de4a36348cd5d31470e 
      Size/MD5:   474526 2178dafc48f6b0c1ba6a5f3e90b9cf18 
      Size/MD5:    44028 57b10b963a838167afe05560e5e9383c

  i386 architecture (x86 compatible Intel/AMD) 
      Size/MD5:    48540 5fd2f13e2a14134972184510f3a950dc 
      Size/MD5:   205404 5cfc943a4a57e4cb0153ed48473b9df4 
      Size/MD5:   258232 72693e8e7380f6695e87d018fdae226f 
      Size/MD5:   461020 ede882cb7fb44f1cdd9687a04848a84c 
      Size/MD5:    44004 58311b623d1ea6b310000d9d7fbe21e5

  powerpc architecture (Apple Macintosh G3/G4/G5) 
      Size/MD5:    50872 17e2bb09736146f292e96c19ab060318 
      Size/MD5:   239234 041cf71b96800bb76911a2d95368bfaa 
      Size/MD5:   286828 de92f288acdd45cc520e03d81c400258 
      Size/MD5:   474980 1227b281cff931e95fd712ad4ce7a308 
      Size/MD5:    46232 a2c442bed73a4008acd5d4bd3db9858a

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.2.2 (GNU/Linux)



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH