Ubuntu 1085-1: tiff vulnerabilities

==========================================================Ubuntu Security Notice USN-1085-1            March 07, 2011
tiff vulnerabilities
CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597,
CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191,
CVE-2011-0192
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libtiff4                        3.7.4-1ubuntu3.9

Ubuntu 8.04 LTS:
  libtiff4                        3.8.2-7ubuntu3.7

Ubuntu 9.10:
  libtiff4                        3.8.2-13ubuntu0.4

Ubuntu 10.04 LTS:
  libtiff4                        3.9.2-2ubuntu0.4

Ubuntu 10.10:
  libtiff4                        3.9.4-2ubuntu0.1

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

Sauli Pahlman discovered that the TIFF library incorrectly handled invalid
td_stripbytecount fields. If a user or automated system were tricked into
opening a specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. This issue only affected
Ubuntu 10.04 LTS and 10.10. (CVE-2010-2482)

Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF
files with an invalid combination of SamplesPerPixel and Photometric
values. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could crash the application, leading
to a denial of service. This issue only affected Ubuntu 10.10.
(CVE-2010-2482)

Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled
invalid ReferenceBlackWhite values. If a user or automated system were
tricked into opening a specially crafted TIFF image, a remote attacker
could crash the application, leading to a denial of service.
(CVE-2010-2595)

Sauli Pahlman discovered that the TIFF library incorrectly handled certain
default fields. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2597, CVE-2010-2598)

It was discovered that the TIFF library incorrectly validated certain
data types. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could crash the
application, leading to a denial of service. (CVE-2010-2630)

It was discovered that the TIFF library incorrectly handled downsampled
JPEG data. If a user or automated system were tricked into opening a
specially crafted TIFF image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-3087)

It was discovered that the TIFF library incorrectly handled certain JPEG
data. If a user or automated system were tricked into opening a specially
crafted TIFF image, a remote attacker could execute arbitrary code with
user privileges, or crash the application, leading to a denial of service.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS and 9.10.
(CVE-2011-0191)

It was discovered that the TIFF library incorrectly handled certain TIFF
FAX images. If a user or automated system were tricked into opening a
specially crafted TIFF FAX image, a remote attacker could execute arbitrary
code with user privileges, or crash the application, leading to a denial of
service. (CVE-2011-0191)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    24369 3cf3842eea7eb46f37c7ad2b6f700184
          Size/MD5:     1405 cecd72b7ff2bcb007ca1113dd983f0a2
          Size/MD5:  1280113 02cf5c3820bda83b35bb35b45ae27005

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   220684 01f02b2c8af7bee67db144cffdacb0d2
          Size/MD5:   283142 e68e570fc1a4c723297e25797f5fe371
          Size/MD5:   488588 953b77a33fd0846bab68fa5936da4299
          Size/MD5:    45124 0e04c24276e3641af5f21b823ac73f1d
          Size/MD5:    50282 24df2ee651395d196f4f76b998113447

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   206298 6af0bfb0b9958823b213410479ffd1a8
          Size/MD5:   259966 1492f62bf2e0caae0879a7ab1380a3d5
          Size/MD5:   462700 960480269acf7f725fcf6ce1b2afc66d
          Size/MD5:    45038 c0d2826bde4d4e226b8f026697cb86e6
          Size/MD5:    49578 397c32b6c7f35ebd13bfc3179eaf98b3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   240264 3272eeb53d8e0dad0c0f201947734231
          Size/MD5:   289158 c2ba25d8d82ea7aee1309bde0b2ca7e5
          Size/MD5:   477044 51ff05c2d00958643f752c83308390e2
          Size/MD5:    47268 40a947ffc9212ac2b98ed173e4f58518
          Size/MD5:    51912 85b6276a4656bd4863c92a951369d411

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   209224 97498f435552f301b00768c9c678fd83
          Size/MD5:   271112 97ae77988f0b7da452cdb50f4b97e604
          Size/MD5:   467748 3f4070793ceb027828567ca3b556ef68
          Size/MD5:    44976 9c9ef98c3e65e46a6f737851e8b7a02f
          Size/MD5:    50114 95b26b7db5b73095f45e467e06115d04

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    22862 cfa51946eb7af68c524774b91f3e63e9
          Size/MD5:     1496 ce0425a4ed096e73f598543c20c8892a
          Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   186064 654a88602d406d1019a4529bc02c6b55
          Size/MD5:   583514 27ba24f70ba76beddda3666a6a0ba8a2
          Size/MD5:   131900 8034e40a24c7f51bb4f1ddff0c5de9d6
          Size/MD5:     5066 dfb865d2920418ce5fc790149100047d
          Size/MD5:    10492 31f973bc497f3b94031d824a4921df50

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   175302 452d6baaa540b58a9037843dabeede66
          Size/MD5:   552804 be16a0c44afaa44a2676d08b85a04d88
          Size/MD5:   123332 efc23b81286d50b31270ddfcc2d1ea0c
          Size/MD5:     5040 5c69db1d902fbb1e2b14563829220108
          Size/MD5:     9940 4254de91aa69a10cc6a02f2ca14c2ae2

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   177030 65f6d2d13782cd0670fbb866bad2f6e0
          Size/MD5:   555272 301d754f452129b6f2217c0026266ca6
          Size/MD5:   124468 e475402ebad13f563c544d207a776694
          Size/MD5:     4906 94f536761e90c08a0ce600435ddd0894
          Size/MD5:     9968 4178e1898bcb29f57804918d536053e4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   223490 528857d2e93b1105dc9644ff6f401d68
          Size/MD5:   577464 27b9a5598244a73c1dcffe80758cfe43
          Size/MD5:   135064 34c3168b347acdeda443acf61bf55ff7
          Size/MD5:     7510 41a228448dedc5c175106ffe1d22055a
          Size/MD5:    13290 2382d98c3cbd59ccce2cbf6314d39cf6

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   178852 6c6484bcc770d2b85a0c85d7ec98f07d
          Size/MD5:   558802 7cb9e881db52a22ae75e270bc0aed7f2
          Size/MD5:   123136 83da73d5f147be9cc6729ba1f1b213bf
          Size/MD5:     4812 98a400c1f6abcc1bc85042b6b8f274ff
          Size/MD5:    10700 3a08b17c545104ed3ba36b8cfef54cb2

Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    42777 cc2e665d2bd883b94440b317611f54ec
          Size/MD5:     1940 8a581866d181276aff6a4008b8f3cedd
          Size/MD5:  1333780 e6ec4ab957ef49d5aabc38b7a376910b

  Architecture independent packages:

          Size/MD5:   335004 e0f2144b1e0857ece01636d42fc72a59

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   193154 c0a5d277306c0e713c615c47793288f4
          Size/MD5:   251632 834efbbf77dd7f9ca7b0dba2866409b7
          Size/MD5:   135730 1da76e3f968021a12d4813a5f7fcec8a
          Size/MD5:     6332 93a83eed56d77642919b79d01103294a
          Size/MD5:    12002 350c9c58aa08edabdc5756b171e4a0a9

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   175842 1ff99c2790e850fb6d3d5dd7f55fc4d4
          Size/MD5:   232030 f321ad9e87f39bec6c9c93434e93e3a0
          Size/MD5:   124786 a5076bbab80ace3e9bd6fd3cef33a735
          Size/MD5:     6444 c599bbc8c097b9968fe048a731e11f7a
          Size/MD5:    11290 92442dd23a17beda7ebc3ab5996757ac

  armel architecture (ARM Architecture):

          Size/MD5:   181884 be5ecd741866138f1a6f71e97e2370d2
          Size/MD5:   233692 d3e7cbee6b4bf1be99140ef0e3ac449c
          Size/MD5:   124936 2598949cdf08a4265ff4cbd5f3e16fc2
          Size/MD5:     5966 2890a4766182e628f6f5f6f8452cd255
          Size/MD5:    11146 c07682cc0f3cb97d38d71d0e3e6321a8

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   177054 97f017b77c4a3aca84406a2bf284858f
          Size/MD5:   234468 62657e96d5eac8091ee7aebc8146dc6e
          Size/MD5:   126474 ba4ff09bdb3c1e3798ebc640b346c22d
          Size/MD5:     6322 3f9dca921b4c461877c49571d94a25dc
          Size/MD5:    11348 c395e036dd46c68730e226cf4e922c2e

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   191474 9cb42fa251bae2ea3abb4297646855ef
          Size/MD5:   256548 50c0302fef0c39679e7000ed627ec7be
          Size/MD5:   137288 4828d6ce0549769520a9392ad95b6169
          Size/MD5:     6726 8192aba8d2fd89b36a56f828a99a2848
          Size/MD5:    12092 725b85a51b83f36367928266ba3f9701

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   184286 5fb07a236e897ceb09bde9cdb6bc017a
          Size/MD5:   237066 2521673ac7a169c5d8499b955ef26701
          Size/MD5:   124900 0f4f2c9729e57142eae3f6bbee679174
          Size/MD5:     6100 5fb799a1bb313edeb908a8499ab58c5a
          Size/MD5:    12034 23b02216af7b46b3157c0384c6169eed

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

          Size/MD5:    20063 ad8a0d1f9dfdd079921a554a091f4977
          Size/MD5:     1936 47c1d116c4f792f5423dc8f1d3eb54db
          Size/MD5:  1419742 93e56e421679c591de7552db13384cb8

  Architecture independent packages:

          Size/MD5:   359040 8d92868779cb0d9b403c36a77b09faa7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   250494 b210c36332918269f8ecc81a7e38d6c0
          Size/MD5:   269864 64237e10969e54c1e3bf13bbd303d1f9
          Size/MD5:   149100 6eaa8573997e5d99fe1d2e798843e87a
          Size/MD5:     6386 805a6a6acab23c48dc4dd464d9e12970
          Size/MD5:    12030 7ff21b422b867bac0841ce3ab01646d0

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   234118 ed8dbd315a5d92d8affbe8f096be7685
          Size/MD5:   246928 72b5b5aeda6ba0839ea0644229c673d1
          Size/MD5:   136666 356b75f85a1743297341d4774022f5aa
          Size/MD5:     6484 e223a695ab0de3dcdd2a711813b18a82
          Size/MD5:    11280 fdece45fe24ca7a04a7368d0d0c19226

  armel architecture (ARM Architecture):

          Size/MD5:   236454 2116a8815d5f9a5a7c79d6c53a077357
          Size/MD5:   238276 ff099bc2d2c56de5e250aea6be89d923
          Size/MD5:   129550 0a7f79121e5615984714543f9f737fcd
          Size/MD5:     5986 4133e90cc7bb973447ae1d6dbed36d4d
          Size/MD5:    11312 e0d8c7901674b890fb128c765ad86ae4

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   253530 18dee02d646fafce272e47648e952afc
          Size/MD5:   275220 093c4c71be38783061400df2f1e40f1c
          Size/MD5:   150666 46fc4e40434d9898524c5ae6f9efc342
          Size/MD5:     6768 3ea6afe6c2898d86b5b2d7eb11a3521b
          Size/MD5:    12094 176dceb356c288c6a103f0f640b66137

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   248768 dc8a0807a0a83e10360fc5c6f1ab6919
          Size/MD5:   257238 1e268d3f76f1324f11d40813d53011d7
          Size/MD5:   143340 04fb698ca00d8d3be0277c7298d35cab
          Size/MD5:     6224 a164a4e670850716b56cf6471576d092
          Size/MD5:    11922 d2e4c7b9d20a7eeeef1c54a0d936cda2

Updated packages for Ubuntu 10.10:

  Source archives:

          Size/MD5:    17639 28c2b693c038106798331aa44bc4b89f
          Size/MD5:     1953 6d3a942101adb85434c0bbb53deb71c8
          Size/MD5:  1436968 2006c1bdd12644dbf02956955175afd6

  Architecture independent packages:

          Size/MD5:   359138 daa7c6e058b948f2fb6b641a6def03d4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   248248 7d46fdf2d06df4ec6206035df43d6ca1
          Size/MD5:   270720 a7b1b034c573fb2580023abdc6aabeef
          Size/MD5:   149348 f8779a89c9027a1d738801f638b2ca6e
          Size/MD5:     6310 690dc48ebe2368ab406718099ea37726
          Size/MD5:    11820 0f275a6580ca8d56b8c26c13c24922cf

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   232342 e98df3b143c026ef332a735fcd54a4e2
          Size/MD5:   247360 3f7ae48cee4385cead8df65e35d77e1f
          Size/MD5:   136542 f99e88934f4080a12554edba39e3823c
          Size/MD5:     6428 6cd321d561ffc13aad942824238538b4
          Size/MD5:    11142 7da01102372d33a4d7dd6027a6f807e4

  armel architecture (ARM Architecture):

          Size/MD5:   256624 aeda3d12c8ad68f6b6771b1ee6160c9f
          Size/MD5:   271064 73f419eb889773b58ba132f0b7feb2e2
          Size/MD5:   151772 14abdbd2d87a6cfb382f22d24f0bf02b
          Size/MD5:     5862 9c0ca7c98cebf151df075063885ecec5
          Size/MD5:    11236 3c6adce13c900b5ff36cc0201df2a91d

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   250340 89104d647dc9dab06f955772854cb981
          Size/MD5:   275856 582627f282df50f2c26b331e4210fbf7
          Size/MD5:   150592 879dc84ba2d096d4f80a6a35fb987323
          Size/MD5:     6704 12a8ae40e91f2826af3ce6e85e5bbb10
          Size/MD5:    11964 0ebadcd76edbe1df1c0cfaae4531736e
Ubuntu 1085-1: tiff vulnerabilities

Summary

Update Instructions

References

Package Information

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
