drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in tiff
Name: |
Zwei Probleme in tiff |
|
ID: |
USN-1416-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04, Ubuntu 11.10 |
|
Datum: |
Do, 5. April 2012, 09:11 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173 |
|
Applikationen: |
libtiff |
|
Originalnachricht |
--===============9059509572601143644== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-FL8+y1wk9qtcm3JecgSF"
--=-FL8+y1wk9qtcm3JecgSF Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1416-1 April 04, 2012
tiff vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
Alexander Gavrun discovered that the TIFF library incorrectly allocated space for a tile. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. (CVE-2012-1173)
It was discovered that the tiffdump utility incorrectly handled directory data structures with many directory entries. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2010-4665)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: libtiff4 3.9.5-1ubuntu1.1
Ubuntu 11.04: libtiff4 3.9.4-5ubuntu6.1
Ubuntu 10.10: libtiff4 3.9.4-2ubuntu0.5
Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.8
Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1416-1 CVE-2010-4665, CVE-2012-1173
Package Information: https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.1 https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.1 https://launchpad.net/ubuntu/+source/tiff/3.9.4-2ubuntu0.5 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.8 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.10
--ßL8+y1wk9qtcm3JecgSF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJPfLtrAAoJEGVp2FWnRL6TMfIP/iANKDJwcG15gesBcGdHVToL wPnhUdgEdryZeuSZZEZDijYL6iNqRyNs3m7hNDp/68LGrV8+jbbiJi8qji6OckHv PPcgMITlvkd1w6bqzyLKCj3zz4BWISKjPD3/c4X9h3Bpdptzwy7D4BUv+IEPY82I Mizx2p792MLTFI7ZEjPVwahvpY7gv/0+sr/AIbUoak7Jgs259ty+UzRSh3S3p5YR vNwvFCx2rpfEYeKKrjnvFcSJakfITHioCghdilw+ULoakqKA/shzsYQZXlGW7QS5 WhkzoL47zHSQ774S7PB2l/uROGqhQ29cfKmiehV0neaBx8v2ybnoL8XKECZeQvMW qNuPYGvOKqRYMLOZsLPqKG992J+DbpolXntWzvvSPgXjndM+tFVbcR1iJZwZ2E5k 9cLc2hmgav+58LcXAlmC3BScOErqiGf3Ooc0KKxfK4zh/8oJNIJfqvlEfKGLDQVK 0UCS+sqF2xEmYQ1gt6TKbOW2owB01HKGxOnBOL5jPsMoebq0Yh3JXPIiaaK1KdQ7 vshVDn0oBCqTuuQZJu5mCW2fWeONzudEvjIlyMxrdjrRst02WkPKgy1LXCvkx5Jx R2m1KHggyranLKI7EyeySKJWevFJNKKCF6mXLKeZQoh78KWOJRTaquflyZ+XHQsm rWKAbwt5FMVzOpWaFURa =twyA -----END PGP SIGNATURE-----
--=-FL8+y1wk9qtcm3JecgSF--
--===============9059509572601143644== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============9059509572601143644==--
|
|
|
|