Ubuntu Security Notice USN-289-1
8th June, 2006
tiff vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
A buffer overflow has been found in the tiff2pdf utility. By tricking
an user into processing a specially crafted TIF file with tiff2pdf,
this could potentially be exploited to execute arbitrary code with the
privileges of the user. (CVE-2006-2193)
A. Alejandro Hern�ez discovered a buffer overflow in the tiffsplit
utility. By calling tiffsplit with specially crafted long arguments,
an user can execute arbitrary code. If tiffsplit is used in e. g. a
web-based frontend or similar automated system, this could lead to
remote arbitary code execution with the privileges of that system. (In
normal interactive command line usage this is not a vulnerability.)
(CVE-2006-2656)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- libtiff-tools 3.7.4-1ubuntu3.1
- Ubuntu 5.10:
- libtiff-tools 3.7.3-1ubuntu1.4
- Ubuntu 5.04:
- libtiff-tools 3.6.1-5ubuntu0.5
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.