=========================================================== Ubuntu Security Notice USN-639-1 September 02, 2008 tiff vulnerability CVE-2008-2327 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.3 Ubuntu 7.04: libtiff4 3.8.2-6ubuntu1 Ubuntu 7.10: libtiff4 3.8.2-7ubuntu2.1 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.3.diff.gz Size/MD5: 19356 56610d9fbd62d610f7004b3d30099c8e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4-1ubuntu3.3.dsc Size/MD5: 802 426326dc802835cf100d63d6842b9939 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.4.orig.tar.gz Size/MD5: 1280113 02cf5c3820bda83b35bb35b45ae27005 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 220614 ff6387e7888bdf3b1d3515d0eede40c1 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 282146 75b17acb52792737598afba03b1cb835 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 475444 624f548a9b16339c5214b87a8587e0af http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 44520 1522729abef4145d8ae4fb125892e03b http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_amd64.deb Size/MD5: 49702 32735e413d785c456f8e340dbb3e974f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 205772 330fd846b4c42cfea4a86db7cd578032 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 258868 4248ca40bb9516d3f15af5ea0b7d82e3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 461668 8e64e0f252f0cf1805a95503763a7ee7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 44496 38356372e09eacc21c85147a64730863 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_i386.deb Size/MD5: 49028 0f209680ec3fe2d63b8f2ee1eb82d671 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 239612 85752da1b75412f455964b6e330d9b9c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 287816 7dbabece275f8672edb8a23d55a7a473 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 475776 4aa903c0a0ff484a56c5fe1704a4e727 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 46734 bb81db39da467e2625c0d042d3a8cd28 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_powerpc.deb Size/MD5: 51374 a98d703c16b08432c5faba227b49a11c sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 208422 3403ad880d5a4928093e37077325b249 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 269832 9e31723f565218781859094e02157832 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 466524 60370fd4a11ed2ab9405d1d34ec89613 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 44444 d55f667802302d260a0e9fa818a84062 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.4-1ubuntu3.3_sparc.deb Size/MD5: 49580 8e9cf307f440d06e4fac7f8a0e72b575 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-6ubuntu1.diff.gz Size/MD5: 17421 c27407897402d8784aaa78872df66084 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-6ubuntu1.dsc Size/MD5: 894 7f473766d9506c9cf8c9dc9fc301899a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_amd64.deb Size/MD5: 185580 b0e5244445e5b5842e15ede52b62a464 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_amd64.deb Size/MD5: 248558 f870334e57d6cf450c113b434ec7dc1f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_amd64.deb Size/MD5: 491096 f082f77dec69c785f86c7da6a34e30bf http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_amd64.deb Size/MD5: 4948 2af2beb4111fec29a89f4fc5b345dd4d http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_amd64.deb Size/MD5: 10380 2ae539b37bfc0a4fdf0b4d1f79d71c01 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_i386.deb Size/MD5: 174706 06ddc26a9eb1f25e51a537f4d13d0cd7 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_i386.deb Size/MD5: 230880 1e263f73724556b229ce53da89f1bb6c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_i386.deb Size/MD5: 483176 c204eee64ba32343630090710e886ce5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_i386.deb Size/MD5: 4948 0583b395261bfc9e8971845183aa1370 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_i386.deb Size/MD5: 9870 afb43b9979860ab71d5b18f667a94234 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 221280 67928c23965f4aad6dc9bd0904a5de3c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 255168 1ee1410c16e8878c1363714c7def2039 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 496328 0efa9338a0a0a74593785ad710bff29c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 7444 5b6cf616b9371fb54ba7cd4d74671539 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_powerpc.deb Size/MD5: 13110 c3192321c2d2a212b4acb12a95958338 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-6ubuntu1_sparc.deb Size/MD5: 178680 5b6c97cd81cd4a6df4d4228ee48bb81e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-6ubuntu1_sparc.deb Size/MD5: 236610 7e3286d3b39739a92c131d841fc6fa53 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-6ubuntu1_sparc.deb Size/MD5: 482248 8cf86b28cc0b967efaa635f28408e70e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-6ubuntu1_sparc.deb Size/MD5: 4690 0d8ef4cc1149bc175e1b4cef56a533ac http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-6ubuntu1_sparc.deb Size/MD5: 10630 4fab06812752f458f00bbe408c4a5e51 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu2.1.diff.gz Size/MD5: 17693 d8bfc71ab431317d9d7776e8904d41cb http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu2.1.dsc Size/MD5: 898 0e2bd83921a76666aaad9f0db1d2143f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 186046 5eca7cf38e7a627ac9ff35e05341c6a3 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 572732 6d8a9c1762acb37ac98637f5838677bd http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 167514 7c316c12186064ce36fa302eeb1a9d35 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 5030 36e2e41d1c74cba5f6226adcdb9635d4 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_amd64.deb Size/MD5: 10482 398ee14c1a54bf682843ab5b4d5a1ef2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 175032 35f9d040cf7bb70a3e0cdcaed891e8ea http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 555062 b95d128052ee5deddde5512404116d93 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 159682 6fecbcf423292c8afb087b717bc39733 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 5036 58dea786bf7ab7b9f124864076f98bc7 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_i386.deb Size/MD5: 9950 4530d1926d2776a808b92451d241b40a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 176688 c34dd42b7fb2c866a337cf0a831500dd http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 554916 5c89af650f71fa329f9b27c964e159b5 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 159016 0e4f184a9264ecd2669df232f031f5bc http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 4886 c365fc0610f673b5b514190f52c9b2cd http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_lpia.deb Size/MD5: 9950 eedb7a284fd8ccfde7373719c5aa8e09 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 221632 d54b58c8832e981a496517aee739e96d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 579494 ab32f5a3bdb94d98cfd5cec17fdbdb8b http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 172920 6221864857865170ebc103e8e9ca2f1d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 7524 cce4cd11ab76e2a20fb23231128013d3 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_powerpc.deb Size/MD5: 13184 4417c793e3b787fb4925052e5628a487 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 179138 e056aaaf8281aeeec8e93bb4c646b11e http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 560334 28115f9f96039c2ea6a861be5418d2e4 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 159258 951e1ad2ff233ccf9a2357d6fd7c9d5a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 4794 4da0d6d8b2c59f8d834f26893d056a77 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu2.1_sparc.deb Size/MD5: 10734 2430febfadfa3afef94890422229333a Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.1.diff.gz Size/MD5: 17739 3df53cb9be4eac8018114eca54eeddd0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2-7ubuntu3.1.dsc Size/MD5: 898 63c01af90b1a28f341cda765cb388af5 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.8.2.orig.tar.gz Size/MD5: 1333780 e6ec4ab957ef49d5aabc38b7a376910b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 186212 cb1aa7ea448c64d8a071db1e7103abde http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 570784 d42a106beb13b5fada52bb49b23348e0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 130572 d92ef8e00a2c11a92ef2258c9ee34509 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 5076 505cb2e12de00a198f6043cfa5826f99 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_amd64.deb Size/MD5: 10500 3f4885e033e8b49ac0ace8a25033bd70 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 175046 e1968da8535ff6051d1fd16fa515e77f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 552288 b22a3ffa9d2bd620aa7dcb5897ecb65d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 122264 c7e7c7b3d1f51471a67495a82c8c318c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 5038 c15e0e405b52dac9ae0ba43bf0bf2929 http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_i386.deb Size/MD5: 9936 d295285a90e2f40f4c6be563f4feecf8 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 177130 feec0c26db46f966db003e73e04e42ca http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 554830 6833fbea686cd3780bd8e814aea90693 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 123436 ba48f119c3690bafac6dc0914b080076 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 4920 74d243746774e0ad29fc9a5c888f88fa http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_lpia.deb Size/MD5: 9976 79dd38d3c74419e2f3af36599c3c0ed0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 223256 dc107cbd87d9106985537d6c275a0544 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 576802 7b70d820ee684cdccda2abb2f0803578 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 133868 bdfb766eeab2dfc1ee4e30c64464a581 http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 7508 47e95d771f3e56e8d0edb098a227699d http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_powerpc.deb Size/MD5: 13288 df5e73b79db7688fbb097123a8893886 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/tiff/libtiff-tools_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 178648 76db5473a395f84e57f74882d4276032 http://ports.ubuntu.com/pool/main/t/tiff/libtiff4-dev_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 558200 2fa5edc2be0a83f0d8b5a872ad2852cc http://ports.ubuntu.com/pool/main/t/tiff/libtiff4_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 122054 d54617bcf0f9ee0eb0593dc57f6cacaa http://ports.ubuntu.com/pool/main/t/tiff/libtiffxx0c2_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 4802 bdc15c3e7f4658e9747e6092e7c118a5 http://ports.ubuntu.com/pool/universe/t/tiff/libtiff-opengl_3.8.2-7ubuntu3.1_sparc.deb Size/MD5: 10696 0cbe55aa53a298214936bcd103370ad6
Attachment:
signature.asc
Description: Digital signature