Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

[USN-54-1] TIFF library tool vulnerability: msg#00001

linux.ubuntu.security.announce

Subject: [USN-54-1] TIFF library tool vulnerability

===========================================================
Ubuntu Security Notice USN-54-1 January 06, 2005
tiff vulnerability
CAN-2004-1183
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libtiff-tools

The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Dmitry V. Levin discovered a buffer overflow in the "tiffdump"
utility. If an attacker tricked a user into processing a malicious
TIFF image with tiffdump, they could cause a buffer overflow which at
least causes the program to crash. However, it is not entirely clear
whether this can be exploited to execute arbitrary code with the
privileges of the user opening the image.

Source archives:


http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.2.diff.gz
Size/MD5: 22999 d884251e847a11301f8336b8d9f50e0f

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.2.dsc
Size/MD5: 646 7e0d3bb9141233f29e2b5999523882bd
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955

amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_amd64.deb
Size/MD5: 172900 15c92000db5d6efe06dc5be73a3471e2

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_amd64.deb
Size/MD5: 458416 8f3a4d1bcba9de0b9004f8a9c1103632

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_amd64.deb
Size/MD5: 111440 df967606c94b419508c00b9e3194485d

i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_i386.deb
Size/MD5: 157260 d416a9e23840613a706f8196879614b3

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_i386.deb
Size/MD5: 439598 87e32a85649ca58ebccf55b751297bb5

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_i386.deb
Size/MD5: 102336 f2019f1620310fa2a5d5c59ccabab0fe

powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.2_powerpc.deb
Size/MD5: 187884 1c1173ba8723d03239399175a7e41566

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.2_powerpc.deb
Size/MD5: 462478 0fe172d4ecc90f985df90f9a551faa52

http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.2_powerpc.deb
Size/MD5: 112518 80f528b39a9d230e20591337df3d556e

Attachment: signature.asc
Description: Digital signature
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [USN-55-1] imlib2 vulnerabilities, Martin Pitt
Next by Date:  [USN-56-1] exim4 vulnerabilities, Martin Pitt
Previous by Thread:  [USN-55-1] imlib2 vulnerabilities, Martin Pitt
Next by Thread:  [USN-56-1] exim4 vulnerabilities, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
version-control...    qnx.openqnx.dev...    redhat.rhn.user...    ietf.openpgp/20...    mail.mutt.user/...    web.microformat...    java.sync4j.use...    education.ezpro...    user-groups.blu...    solaris.manager...    org.fitug.debat...    technology.erps...    politics.activi...    linux.redhat.fe...    bug-tracking.ma...    xfce.user/2004-...    hams/2004-11/ms...    kde.users.pim/2...    culture.cooking...    freebsd.devel.x...    gnu.m4.adhoc/20...    ngpt.user/2002-...    apple.fink.deve...   
Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation