View Full Version : USN-639-1: tiff vulnerability

September 2nd, 2008, 09:30 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-639-1 September 02, 2008 tiff vulnerability CVE-2008-2327 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.3 Ubuntu 7.04: libtiff4 3.8.2-6ubuntu1 Ubuntu 7.10: libtiff4 3.8.2-7ubuntu2.1 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.

More... (http://www.ubuntu.com/usn/usn-639-1)