drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in tiff
Name: |
Denial of Service in tiff |
|
ID: |
USN-1511-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Do, 19. Juli 2012, 16:53 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401 |
|
Applikationen: |
libtiff |
|
Originalnachricht |
--===============8633906447959969642== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Uj6iGV3Su6keXzMCGIve"
--=-Uj6iGV3Su6keXzMCGIve Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1511-1 July 19, 2012
tiff vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libtiff-tools 3.9.5-2ubuntu1.2
Ubuntu 11.10: libtiff-tools 3.9.5-1ubuntu1.3
Ubuntu 11.04: libtiff-tools 3.9.4-5ubuntu6.3
Ubuntu 10.04 LTS: libtiff-tools 3.9.2-2ubuntu0.10
Ubuntu 8.04 LTS: libtiff-tools 3.8.2-7ubuntu3.13
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1511-1 CVE-2012-3401
Package Information: https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.2 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.3 https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.3 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.10 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.13
--Þj6iGV3Su6keXzMCGIve Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJQCA+jAAoJEGVp2FWnRL6TbHEP/3vMzR8PiK2Y3+RUoZZHtssh q9g0eMwLrfr6PFcB6/0NN/ZMjlaZFVlv1nP9ApR4r1wP1ou+8G6OtaneEJVX1Yi/ NXBxR67XAyZ9sJGOkibLC8Xj22iap5IMwLxHXBsQg2JnRXgplEy11QyGnzkHlF7M YeAYGk+i6J5J25oO6TAt/jyd5NUVnSETW7zTU9ppcn57Sqx1XXT59JPSp+H9BdoJ ujJfCh+oqerzKnUI5nIbPsS/sN7vfJJNSZcn8XGILNXEGbz5D3HXrIY4ZpZlZIZw tnCTFjoCMdMePMdxzIF42ZGJ8oEViwTZZ/ABgbzL+2HDr4tCIc6HMMZfiwc1dj2/ t+2NKwFWAlFJ5geHWgPABsgk82hp9uGPtgMWBZfrtZ9lCwLuC0AHjV6YZ/xsp1oq a6TmqlTKnF/pJdb8smNkvGgyQfguboZ8JJFdx8lVq7l5/mh5pUQ/SbUBcqEpz1le AMt3ZrHiRFzj1hyGdFqHwRp+aGZW6PfmlRDIVsw8JQ2+uEEn4F0wryLLxAZYzwIq xTugs3PxhbQGlKNhzycWjn7ZA1TYV8KLfFjQGYpMTZmE6zeEUcrgF7ecAu4tHmnW SqHifpkiHPhIhmFM3bSLebnd8nD+I1ZzsgS3ml+VVpd1hUbyCch56iLMtU84/DEY 8+B4mikm2t2hLcq+Jx36 =GFvq -----END PGP SIGNATURE-----
--=-Uj6iGV3Su6keXzMCGIve--
--===============8633906447959969642== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============8633906447959969642==--
|
|
|
|