USN-330-1: tiff vulnerabilities

Ubuntu Security Notice USN-330-1

2nd August, 2006

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04


Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.

This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.2
Ubuntu 5.10:
libtiff4 3.7.3-1ubuntu1.5
Ubuntu 5.04:
libtiff4 3.6.1-5ubuntu0.6

To update your system, please follow these instructions:

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.


CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465