drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in tiff
Name: |
Zwei Probleme in tiff |
|
ID: |
USN-1498-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS |
|
Datum: |
Do, 5. Juli 2012, 21:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113 |
|
Applikationen: |
libtiff |
|
Originalnachricht |
--===============6998667270056954967== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-wzA/pg7S6ZvYIW/SoCMj"
--=-wzA/pg7S6ZvYIW/SoCMj Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1498-1 July 05, 2012
tiff vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088)
It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2113)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: libtiff-tools 3.9.5-2ubuntu1.1 libtiff4 3.9.5-2ubuntu1.1
Ubuntu 11.10: libtiff-tools 3.9.5-1ubuntu1.2 libtiff4 3.9.5-1ubuntu1.2
Ubuntu 11.04: libtiff-tools 3.9.4-5ubuntu6.2 libtiff4 3.9.4-5ubuntu6.2
Ubuntu 10.04 LTS: libtiff-tools 3.9.2-2ubuntu0.9 libtiff4 3.9.2-2ubuntu0.9
Ubuntu 8.04 LTS: libtiff-tools 3.8.2-7ubuntu3.12 libtiff4 3.8.2-7ubuntu3.12
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1498-1 CVE-2012-2088, CVE-2012-2113
Package Information: https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.1 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.2 https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.2 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.9 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.12
--ÐzA/pg7S6ZvYIW/SoCMj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJP9aQLAAoJEGVp2FWnRL6TubEP/jHfkdv/ti3Yk9xXVuEkAIfz 2izJiNBsIVkFQI1QGuKKa2c3I/SPAb+wXQGT4SVz8BCLM+guMb2DVlFSIlX0onzM 7McOoOxwMKTqdgY3ybpr/vgKnZsV90lbTmKeT/EJjf4dXfn9b5MkFc8uj8f9oypP s52MaUMBjdGCy6XjzyQL7ZVK7O9lBUE8sMPqL8jUYkfSdRfl6M2SHvMpDUpdJf4d AGf69lrUgpA3ALbq/nkw2OpYrpKhYphm0D5fQjjxy+/ayichAWSTVhcIvr0qZet0 qyZOaMPa9z5ygfnzXF5krg6P0ex6uZENTqBxxYz7HXZ7jxsEWFQ3zMaYkz/oPYNK ujvGrrsPAExtNrpI5nEC/eY6nCFohWxpN1dke6IN/pSIbXcjSMM1YWCRaSa1dfrl SW8wsy2LtW+p9pCsw0mOuXl8lT2leE15zgFAQL++zdxSZKi4XwTcW72vVwIUbYbB q8wm5GJ9/s+WnF3+9plhLO+G1QwB7ZVQj081a6mIgUtBCkQYpUSrJE+g9liQcM3s lrehXjfLk04OEZ07nlWhwqNkkpIjZc1svkTacMhRhUkUbMfGmLZPgleRcev4jBqD xtE/ceggsxxxW0xG+vxuUULHFql3KimLrpTsaAaXDvO1rk8WscY1QNO6BtcKQ6hd Fapsg2tMibq6WBitLAZW =KF4s -----END PGP SIGNATURE-----
--=-wzA/pg7S6ZvYIW/SoCMj--
--===============6998667270056954967== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6998667270056954967==--
|
|
|
|