=========================================================== Ubuntu Security Notice USN-289-1 June 08, 2006 tiff vulnerabilities CVE-2006-2193, CVE-2006-2656 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libtiff-tools 3.6.1-5ubuntu0.5 Ubuntu 5.10: libtiff-tools 3.7.3-1ubuntu1.4 Ubuntu 6.06 LTS: libtiff-tools 3.7.4-1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A buffer overflow has been found in the tiff2pdf utility. By tricking an user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193) A. Alejandro Hernández discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit with specially crafted long arguments, an user can execute arbitrary code. If tiffsplit is used in e. g. a web-based frontend or similar automated system, this could lead to remote arbitary code execution with the privileges of that system. (In normal interactive command line usage this is not a vulnerability.) (CVE-2006-2656) Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.5.diff.gz Size/MD5: 26319 e6f75f611b9c77ce07cb2cf513f654ad http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.5.dsc Size/MD5: 681 57c2c112da454d86f49d8bf2e8e16d9b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.5_amd64.deb Size/MD5: 172880 e890e7578915c4613cd7a74b184445bd http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.5_amd64.deb Size/MD5: 459208 8817f18ad3ae963b4a74c716cf7bf0b8 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.5_amd64.deb Size/MD5: 112968 5646656fd78c0ff663866e74977bf78e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.5_i386.deb Size/MD5: 155968 27e009d03b6a5d9a93eabde478dc9b1c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.5_i386.deb Size/MD5: 440508 f484f7e00cb7240a9c6f860ec5de9ade http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.5_i386.deb Size/MD5: 103886 0388682d81cc301ef2b83a4f4438a05c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.5_powerpc.deb Size/MD5: 188188 6316125bd4d1a540957aa0cc9c60fa8d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.5_powerpc.deb Size/MD5: 463674 8f080f57ffc4cb3a0f116ce7c353c381 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.5_powerpc.deb Size/MD5: 114370 971a6be7879aaf5d92b55951b7cdd141 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.4.diff.gz Size/MD5: 11378 17db8270668b8b0eefceb0d27e14bd11 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.4.dsc Size/MD5: 756 218a54ab0966c1b6204b27343b916093 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz Size/MD5: 1268182 48fbef3d76a6253699f28f49c8f25a8b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.4_amd64.deb Size/MD5: 48184 eed2ddb6187b1717db2de95dbc590ec6 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.4_amd64.deb Size/MD5: 219688 79d9cf71f16a3a95c54b481bca648eab http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.4_amd64.deb Size/MD5: 281702 b5b1b261be7c047c3be3eeb2f8398b8a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.4_amd64.deb Size/MD5: 472142 9cac886846d30589b05802fcc6e01f67 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.4_amd64.deb Size/MD5: 43014 1b71df913359a6b0bdd8d6ebb3e33d7a i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.4_i386.deb Size/MD5: 47562 0e08f054ec20d4e82d3d3f67cd384e69 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.4_i386.deb Size/MD5: 204690 278bc83c4fcc7701a7a25719b96a0a8d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.4_i386.deb Size/MD5: 258346 46cff7452dbef76566b49220634f5d49 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.4_i386.deb Size/MD5: 458214 e0920dc944d05da1b010137cf0e4ed2f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.4_i386.deb Size/MD5: 43012 749bfc0eeccb0b2b610751163b3cda3d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.4_powerpc.deb Size/MD5: 49880 6697a3b6fd7a52042a85b527951c2b1a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.4_powerpc.deb Size/MD5: 239116 8dd87fa3c6922a4e3a3fb5bf8317af09 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.4_powerpc.deb Size/MD5: 286920 4531728171c4d58b730d84cd2999ddba http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.4_powerpc.deb Size/MD5: 472346 b9bbe1b684162fada01c1487876da1ba http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.4_powerpc.deb Size/MD5: 45220 17c2240ce41c10b277c19e01772890c4 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.1.diff.gz Size/MD5: 12974 fc61d9c72ecb96537be551c94930d3af http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.1.dsc Size/MD5: 758 5c352bc41e1f36e30a94796f3b7e5275 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz Size/MD5: 1280113 02cf5c3820bda83b35bb35b45ae27005 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.1_amd64.deb Size/MD5: 49204 f890a4aee050bd6c6f2269a2a10c4d2b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.1_amd64.deb Size/MD5: 220242 67ffe0fd5e4177ae4311e104aa4289f6 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.1_amd64.deb Size/MD5: 281250 531b751daf7c8de4a36348cd5d31470e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.1_amd64.deb Size/MD5: 474526 2178dafc48f6b0c1ba6a5f3e90b9cf18 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.1_amd64.deb Size/MD5: 44028 57b10b963a838167afe05560e5e9383c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.1_i386.deb Size/MD5: 48540 5fd2f13e2a14134972184510f3a950dc http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.1_i386.deb Size/MD5: 205404 5cfc943a4a57e4cb0153ed48473b9df4 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.1_i386.deb Size/MD5: 258232 72693e8e7380f6695e87d018fdae226f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.1_i386.deb Size/MD5: 461020 ede882cb7fb44f1cdd9687a04848a84c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.1_i386.deb Size/MD5: 44004 58311b623d1ea6b310000d9d7fbe21e5 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.1_powerpc.deb Size/MD5: 50872 17e2bb09736146f292e96c19ab060318 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.1_powerpc.deb Size/MD5: 239234 041cf71b96800bb76911a2d95368bfaa http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.1_powerpc.deb Size/MD5: 286828 de92f288acdd45cc520e03d81c400258 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.1_powerpc.deb Size/MD5: 474980 1227b281cff931e95fd712ad4ce7a308 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.1_powerpc.deb Size/MD5: 46232 a2c442bed73a4008acd5d4bd3db9858a
Attachment:
signature.asc
Description: Digital signature