USN-289-1: tiff vulnerabilities

8 June 2006

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description


A buffer overflow has been found in the tiff2pdf utility. By tricking a user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193)

A. Alejandro Hernández discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit with specially crafted long arguments, a user can execute arbitrary code. If tiffsplit is used in e.g. a web-based frontend or similar automated system, this could lead to remote arbitrary code execution with the privileges of that system. (In normal interactive command line usage this is not a vulnerability.) (CVE-2006-2656)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
libtiff-tools - 3.7.4-1ubuntu3.1
Ubuntu 5.10
libtiff-tools - 3.7.3-1ubuntu1.4
Ubuntu 5.04
libtiff-tools - 3.6.1-5ubuntu0.5

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the necessary changes.