[USN-46-1] TIFF library vulnerability

[Martin Pitt]

===========================================================
Ubuntu Security Notice USN-46-1		  December 22, 2004
tiff vulnerability
CAN-2004-1308
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow was discovered in the TIFF library. A TIFF file
includes a value indicating the number of "directory entry" header
fields contained in the file. If this value is -1, an invalid memory
allocation was performed. A malicious image could be constructed
which, when decoded, would have resulted in execution of arbitrary
code with the privileges of the process using the library.

Since this library is used in many applications like "ghostscript" and
the "CUPS" printing system, this vulnerability may lead to remotely
induced privilege escalation.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.1.diff.gz
      Size/MD5:    22770 6763905425507303c628d773cee68cd1
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.1.dsc
      Size/MD5:      646 9382dd270ae226e5f2a404006d78db47
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
      Size/MD5:   848760 bd252167a20ac7910ab3bd2b3ee9e955

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_amd64.deb
      Size/MD5:   172868 dc56a896377bdb6cc10ff8038aaf33da
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_amd64.deb
      Size/MD5:   458450 7f607e3b97fb5bcdd5da37f4f44d9ae2
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_amd64.deb
      Size/MD5:   111346 62e90ecdbf07bf0c571728890fa26e23

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_i386.deb
      Size/MD5:   157252 940f8a1884509bc892eca7b26ea67d6c
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_i386.deb
      Size/MD5:   439610 3881385ae3ba4d84837a6912bd38f946
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_i386.deb
      Size/MD5:   102238 d3b3a7afde8e221b801ba619139ce09e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   187880 7373d1bbd48331f917a8b6132368bb6d
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   462496 6e7a942d020ffba8c3abef047e550fea
    http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.1_powerpc.deb
      Size/MD5:   112420 6424b25afbd913496f49c7eb4f96ca77
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20041222/8c608563/attachment.sig>