Ubuntu: 1102-1: tiff vulnerability
Posted by Benjamin D. Thomas   
Martin Barbella discovered that the thunder (aka ThunderScan) decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service.
Ubuntu Security Notice USN-1102-1            April 04, 2011
tiff vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libtiff4                        3.7.4-1ubuntu3.11

Ubuntu 8.04 LTS:
  libtiff4                        3.8.2-7ubuntu3.9

Ubuntu 9.10:
  libtiff4                        3.8.2-13ubuntu0.6

Ubuntu 10.04 LTS:
  libtiff4                        3.9.2-2ubuntu0.6

Ubuntu 10.10:
  libtiff4                        3.9.4-2ubuntu0.3

After a standard system update you need to restart your session to make
all the necessary changes.

Details follow:

Martin Barbella discovered that the thunder (aka ThunderScan) decoder in
the TIFF library incorrectly handled an unexpected BitsPerSample value. If
a user or automated system were tricked into opening a specially crafted
TIFF image, a remote attacker could execute arbitrary code with user
privileges, or crash the application, leading to a denial of service.
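
To confirm that a host carries the fix, the installed libtiff4 version can be compared with the fixed versions listed above. The script below is an added example, not part of the Ubuntu notice; the function names are hypothetical, and the `sort -V` fallback is an assumption used only where `dpkg` is unavailable.

```shell
#!/bin/sh
# Added example (not from the advisory): compare an installed libtiff4
# version with the fixed versions in USN-1102-1. Function names are
# hypothetical.

# Fixed libtiff4 version per Ubuntu release, copied from the advisory.
fixed_version() {
    case "$1" in
        6.06)  echo "3.7.4-1ubuntu3.11" ;;
        8.04)  echo "3.8.2-7ubuntu3.9" ;;
        9.10)  echo "3.8.2-13ubuntu0.6" ;;
        10.04) echo "3.9.2-2ubuntu0.6" ;;
        10.10) echo "3.9.4-2ubuntu0.3" ;;
        *)     return 1 ;;
    esac
}

# version_ge A B: succeed when package version A is >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: without dpkg, GNU "sort -V" stands in for Debian
        # ordering; it agrees for version strings shaped like these.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# check_libtiff RELEASE INSTALLED
# Returns 0 if patched, 1 if vulnerable, 2 if the release is not listed.
check_libtiff() {
    fixed=$(fixed_version "$1") || { echo "release $1 not in USN-1102-1"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "patched: libtiff4 $2 >= $fixed"
    else
        echo "vulnerable: libtiff4 $2 < $fixed, upgrade and restart your session"
        return 1
    fi
}

# On a live Ubuntu host (run manually; assumes lsb_release and dpkg-query exist):
#   check_libtiff "$(lsb_release -rs)" "$(dpkg-query -W -f='${Version}' libtiff4)"
```

A plain string comparison would rank `3.7.4-1ubuntu3.9` above `3.7.4-1ubuntu3.11`, which is why the check uses a version-aware comparison.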

Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 9.10:


Updated packages for Ubuntu 10.04 LTS:


Updated packages for Ubuntu 10.10:

