===========================================================
Ubuntu Security Notice USN-130-1               May 19, 2005
tiff vulnerability
CAN-2005-1544
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.3 (for Ubuntu 4.10), or 3.6.1-5ubuntu0.1 (for
Ubuntu 5.04). After a standard system upgrade you need to restart your
CUPS server with

  sudo /etc/init.d/cupsys restart

to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a buffer overflow in the TIFF library. A
malicious image with an invalid "bits per sample" number could be
constructed which, when decoded, would have resulted in execution of
arbitrary code with the privileges of the process using the library.

Since this library is used in many applications like "ghostscript" and
the "CUPS" printing system, this vulnerability may lead to remotely
induced privilege escalation.
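As an added illustration (not part of the notice and not libtiff code), the following screener reads the BitsPerSample and SamplesPerPixel tags from the first IFD of a TIFF file and reports values a service could refuse before handing the file to a decoder. The notice does not say what makes the value invalid, so the allowed bit depths, the count limit and the count-versus-SamplesPerPixel check are assumed local policy, and `SAMPLE` is a constructed byte string, not a real image.

```python
import struct

BITS_PER_SAMPLE, SAMPLES_PER_PIXEL, SHORT = 258, 277, 3  # TIFF 6.0 tag and type numbers
ALLOWED_BITS = {1, 2, 4, 8, 16, 32}  # assumption: local policy, not taken from the notice
MAX_COUNT = 8                        # assumption: longer value lists are rejected outright

def read_shorts(data, endian, count, field_pos):
    """Read `count` SHORTs held inline in the 4-byte value field or at the offset it stores."""
    pos = field_pos if count * 2 <= 4 else struct.unpack_from(endian + "I", data, field_pos)[0]
    if pos + count * 2 > len(data):
        return None  # values would lie outside the file
    return list(struct.unpack_from(f"{endian}{count}H", data, pos))

def screen_tiff(data):
    """Return findings for the first IFD; an empty list means it passed the policy above."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return ["not a TIFF file"]
    endian = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(endian + "HI", data, 2)
    if magic != 42 or ifd + 2 > len(data):
        return ["bad magic or IFD offset"]
    (entries,) = struct.unpack_from(endian + "H", data, ifd)
    if ifd + 2 + entries * 12 > len(data):
        return ["truncated IFD"]
    bits, spp, findings = None, 1, []
    for pos in range(ifd + 2, ifd + 2 + entries * 12, 12):
        tag, typ, count = struct.unpack_from(endian + "HHI", data, pos)
        if tag not in (BITS_PER_SAMPLE, SAMPLES_PER_PIXEL):
            continue
        if typ != SHORT or not 1 <= count <= MAX_COUNT:
            findings.append(f"tag {tag}: type {typ}, count {count} rejected")
            continue
        values = read_shorts(data, endian, count, pos + 8)
        if values is None:
            findings.append(f"tag {tag}: values lie outside the file")
            continue
        if tag == BITS_PER_SAMPLE:
            bits = values
        else:
            spp = values[0]
    if bits is not None and len(bits) != spp:
        findings.append(f"BitsPerSample has {len(bits)} values, SamplesPerPixel is {spp}")
    if bits is not None and set(bits) - ALLOWED_BITS:
        findings.append(f"BitsPerSample values outside policy: {sorted(set(bits) - ALLOWED_BITS)}")
    return findings

# Constructed sample: header, 2-entry IFD, BitsPerSample = 8,8,8 at offset 38, SamplesPerPixel = 1
SAMPLE = (b"II" + struct.pack("<HIH", 42, 8, 2) + struct.pack("<HHII", 258, 3, 3, 38)
          + struct.pack("<HHIHHI", 277, 3, 1, 1, 0, 0) + struct.pack("<3H", 8, 8, 8))
```

Calling `screen_tiff(SAMPLE)` returns one finding for the mismatched value count. A screener like this complements the package upgrade and does not replace it.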

Updated packages for Ubuntu 4.10 (Warty Warthog) and Ubuntu 5.04 (Hoary
Hedgehog): source archives and binary packages for the amd64, i386 and
powerpc architectures.