Ubuntu: 1498-2 Urgent: PNG Toolkit Remote Command Execution
Jul 05, 2012
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
=========================================================================Ubuntu Security Notice USN-1498-1 July 05, 2012 tiff vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - tiff: Tag Image File Format (TIFF) library Details: It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2113) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libtiff-tools 3.9.5-2ubuntu1.1 libtiff4 3.9.5-2ubuntu1.1 Ubuntu 11.10: libtiff-tools 3.9.5-1ubuntu1.2 libtiff4 3.9.5-1ubuntu1.2 Ubuntu 11.04: libtiff-tools 3.9.4-5ubuntu6.2 libtiff4 3.9.4-5ubuntu6.2 Ubuntu 10.04 LTS: libtiff-tools 3.9.2-2ubuntu0.9 libtiff4 3.9.2-2ubuntu0.9 Ubuntu 8.04 LTS: libtiff-tools 3.8.2-7ubuntu3.12 libtiff4 3.8.2-7ubuntu3.12 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1498-1 CVE-2012-2088, CVE-2012-2113 Package Information: https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.1 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.2 https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.2 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.9 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.12
PREVIOUS
NEXT
Ubuntu: 1498-2 Urgent: PNG Toolkit Remote Command Execution
ubuntu
July 5, 2012
The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libtiff-tools 3.9.5-2ubuntu1.1 libtiff4 3.9.5-2ubuntu1.1 Ubuntu 11.10: libtiff-tools 3.9.5-1ubuntu1.2 libtiff4 3.9.5-1ubuntu1.2 Ubuntu 11.04: libtiff-tools 3.9.4-5ubuntu6.2 libtiff4 3.9.4-5ubuntu6.2 Ubuntu 10.04 LTS: libtiff-tools 3.9.2-2ubuntu0.9 libtiff4 3.9.2-2ubuntu0.9 Ubuntu 8.04 LTS: libtiff-tools 3.8.2-7ubuntu3.12 libtiff4 3.8.2-7ubuntu3.12 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1498-1
CVE-2012-2088, CVE-2012-2113
Severity
important
Lowest
Low
Medium
High
Critical
July 05, 2012
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.1 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.2 https://launchpad.net/ubuntu/+source/tiff/3.9.4-5ubuntu6.2 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.9 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.12
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!