=========================================================== Ubuntu Security Notice USN-277-1 May 03, 2006 tiff vulnerabilities CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libtiff4 The problem can be corrected by upgrading the affected package to version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for Ubuntu 5.10). After a standard system upgrade you need to reboot your computer to effect the necessary changes, since this library is used by many client and server applications. Details follow: Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.diff.gz Size/MD5: 25844 bf3bb894195ad17e5c860daf0b52e1ce http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-5ubuntu0.3.dsc Size/MD5: 681 7ca48c0c729b1ed1eaf448c8f25f3fd9 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_amd64.deb Size/MD5: 172968 2ffca24fa53dc7bfb5c5901e193a104c http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_amd64.deb Size/MD5: 459186 3bb686188917d73793abc5f812d388b9 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_amd64.deb Size/MD5: 112794 309519051cbeac5ee4970c17c95f873f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_i386.deb Size/MD5: 155950 dd997be32c7b3379260bf9f9ff9576c8 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_i386.deb Size/MD5: 440500 16622a398c014cf6035494e0ff29d660 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_i386.deb Size/MD5: 103712 fe939d6535627e0fc713fb43fefa399e powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1-5ubuntu0.3_powerpc.deb Size/MD5: 188176 88838f14d7d5da36f1f403f4c0a39b66 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-5ubuntu0.3_powerpc.deb Size/MD5: 463658 3aa8bf134de05702211eafa321b06503 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubuntu0.3_powerpc.deb Size/MD5: 114124 de1c205214d625b875ae75c18c18078a Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.diff.gz Size/MD5: 10710 2bd5f0ece5925350446d84ee8189e071 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3-1ubuntu1.1.dsc Size/MD5: 756 6189550944c0b45fc86c910ed0dbcf26 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.7.3.orig.tar.gz Size/MD5: 1268182 48fbef3d76a6253699f28f49c8f25a8b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_amd64.deb Size/MD5: 47954 af59fddd16097f942f3e0e30191d28d0 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_amd64.deb Size/MD5: 219564 3ed70fe840906f3f2a1c3911a7361e29 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_amd64.deb Size/MD5: 281560 1e221cf189548ff8d6e5d1493800c05d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_amd64.deb Size/MD5: 471914 5736f410bb8db26c4249a4921491be9a http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_amd64.deb Size/MD5: 42792 139dc849797a3d1075afb782d6bd6c70 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_i386.deb Size/MD5: 47346 5eddb50954c66c612b7f3512782dda0f http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_i386.deb Size/MD5: 204506 18fdd790464fad763946019e3eacf08d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_i386.deb Size/MD5: 258138 7034f05b5208a7e12d08f0f0f617c267 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_i386.deb Size/MD5: 457970 6ff93fae3665cc4d755e00193bc3878d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_i386.deb Size/MD5: 42792 b8171ab19a074a0bb824bbf9b7e6878c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-opengl_3.7.3-1ubuntu1.1_powerpc.deb Size/MD5: 49658 ce5d543ec0f79778d91c35621a21cfb2 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.7.3-1ubuntu1.1_powerpc.deb Size/MD5: 238916 80c0907f7bcc9ce449ab7c290f4de184 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.7.3-1ubuntu1.1_powerpc.deb Size/MD5: 286772 43624f7226b1b4f7805b6824afabce4d http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.7.3-1ubuntu1.1_powerpc.deb Size/MD5: 472118 0bbe31b13584e60800c85e9a1e2fd462 http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiffxx0c2_3.7.3-1ubuntu1.1_powerpc.deb Size/MD5: 44986 11c16855448a486adbdd3520006845dd