Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 10.10 USN-1120-1 Critical: tiff Code Execution Threat

ubuntu
Calendar Grey April 21, 2011
Scroller Ubuntu
Ubuntu Security Notice USN-1121-1 April 22, 2011 relating to a jpeg flaw that could result in arbitrary code execution.
The TIFF library could be made to run programs as your login if it opened a specially crafted file.

Summary

The TIFF library could be made to run programs as your login if it opened a

specially crafted file.

Software Description:

- tiff: TIFF manipulation and conversion tools

Details:

It was discovered that the TIFF library incorrectly handled certain JPEG

data. If a user or automated system were tricked into opening a specially

crafted TIFF image, a remote attacker could execute arbitrary code with

user privileges, or crash the application, leading to a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  libtiff4                        3.9.4-2ubuntu0.4

Ubuntu 10.04 LTS:
  libtiff4                        3.9.2-2ubuntu0.7

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2009-5022

Severity
critical
Lowest
Low
Medium
High
Critical

April 21, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.