
Security: Buffer overflow in libtiff
Name: Buffer overflow in libtiff
ID: USN-130-1
Distribution: Ubuntu
Platforms: Ubuntu 4.10, Ubuntu 5.04
Date: Fri, 20 May 2005, 13:00
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1544
Applications: libtiff

Original message

===========================================================
Ubuntu Security Notice USN-130-1 May 19, 2005
tiff vulnerability
CAN-2005-1544
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.3 (for Ubuntu 4.10), or 3.6.1-5ubuntu0.1 (for
Ubuntu 5.04). After a standard system upgrade you need to restart
your CUPS server with

sudo /etc/init.d/cupsys restart

to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a buffer overflow in the TIFF library. A
malicious image with an invalid "bits per sample" number could be
constructed which, when decoded, would have resulted in execution of
arbitrary code with the privileges of the process using the library.

Since this library is used in many applications like "ghostscript" and
the "CUPS" printing system, this vulnerability may lead to remotely
induced privilege escalation.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
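
The advisory above attributes the overflow to an invalid "bits per sample" number in a TIFF image. The following is an added example, not part of the advisory and not libtiff's fix: a pre-screening check that reads BitsPerSample (tag 258) and SamplesPerPixel (tag 277) from the first IFD and reports inconsistent or implausible values before a file reaches a decoder. The function names and the SANE_BITS policy are assumptions made for illustration.

```python
import struct

BITS_PER_SAMPLE, SAMPLES_PER_PIXEL, SHORT = 258, 277, 3  # TIFF 6.0 tag/type numbers
SANE_BITS = {1, 2, 4, 8, 16, 32, 64}  # assumed screening policy, not libtiff's limits

def check_bits_per_sample(data):
    """Return findings for the first IFD of a TIFF; an empty list means sane."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return ["not a TIFF header"]
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42 or ifd + 2 > len(data):
        return ["bad magic or IFD offset"]
    (entries,) = struct.unpack_from(e + "H", data, ifd)
    if ifd + 2 + 12 * entries > len(data):
        return ["truncated IFD"]
    seen = {}
    for off in range(ifd + 2, ifd + 2 + 12 * entries, 12):
        tag, typ, count = struct.unpack_from(e + "HHI", data, off)
        if tag not in (BITS_PER_SAMPLE, SAMPLES_PER_PIXEL):
            continue
        if typ != SHORT or count == 0:
            return [f"tag {tag}: unexpected type {typ} or count {count}"]
        # Up to two SHORTs sit inline in the entry; more are stored at an offset.
        pos = off + 8 if count <= 2 else struct.unpack_from(e + "I", data, off + 8)[0]
        if pos + 2 * count > len(data):  # bound the read before unpacking
            return [f"tag {tag}: value data outside file"]
        seen[tag] = struct.unpack_from(f"{e}{count}H", data, pos)
    spp = seen.get(SAMPLES_PER_PIXEL, (1,))[0]  # both tags default to 1
    bps = seen.get(BITS_PER_SAMPLE, (1,) * spp)
    findings = []
    if len(bps) != spp:
        findings.append(f"BitsPerSample count {len(bps)} != SamplesPerPixel {spp}")
    bad = [v for v in bps if v not in SANE_BITS]
    if bad:
        findings.append(f"implausible BitsPerSample values {bad}")
    return findings

def make_tiff(bps_vals, spp):
    """Constructed sample input: little-endian TIFF with one two-entry IFD."""
    n = len(bps_vals)
    raw = struct.pack(f"<{n}H", *bps_vals)
    field = raw.ljust(4, b"\0") if n <= 2 else struct.pack("<I", 38)
    ifd = struct.pack("<HHHI", 2, BITS_PER_SAMPLE, SHORT, n) + field
    ifd += struct.pack("<HHIHH", SAMPLES_PER_PIXEL, SHORT, 1, spp, 0)
    return b"II" + struct.pack("<HI", 42, 8) + ifd + bytes(4) + (raw if n > 2 else b"")

if __name__ == "__main__":
    print(check_bits_per_sample(make_tiff([8, 8, 8], 3)))  # well-formed RGB
    print(check_bits_per_sample(make_tiff([8] * 40, 3)))   # count mismatch
```

A check like this complements the package upgrade and does not replace it: it only rejects files whose header fields are inconsistent under the assumed policy.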