About Ubuntu

=========================================================== Ubuntu Security Notice USN-277-1 May 03, 2006 tiff vulnerabilities CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libtiff4 The problem can be corrected by upgrading the affected package to version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for Ubuntu 5.10). After a standard system upgrade you need to reboot your computer to effect the necessary changes, since this library is used by many client and server applications. Details follow: Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges.