News

=========================================================== Ubuntu Security Notice USN-330-1 August 02, 2006 tiff vulnerabilities CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libtiff4 3.6.1-5ubuntu0.6 Ubuntu 5.10: libtiff4 3.7.3-1ubuntu1.5 Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges. This library is used in many client and server applications, thus you should reboot your computer after the upgrade to ensure that all running programs use the new version of the library.