Ubuntu 12.10: 1631-2 Urgent: LibPNG Vulnerability Exploit
Nov 15, 2012
•
LinuxSecurity Advisories
1 - 2 min read
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
=========================================================================Ubuntu Security Notice USN-1631-1 November 15, 2012 tiff vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - tiff: Tag Image File Format (TIFF) library Details: It was discovered that LibTIFF incorrectly handled certain malformed images using the PixarLog compression format. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-4447) Huzaifa S. Sidhpurwala discovered that the ppm2tiff tool incorrectly handled certain malformed PPM images. If a user or automated system were tricked into opening a specially crafted PPM image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-4564) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: libtiff5 4.0.2-1ubuntu2.1 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.3 Ubuntu 11.10: libtiff4 3.9.5-1ubuntu1.4 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.11 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.14 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1631-1 CVE-2012-4447, CVE-2012-4564 Package Information: https://launchpad.net/ubuntu/+source/tiff/4.0.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.3 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.4 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.11 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.14
PREVIOUS
NEXT
Ubuntu 12.10: 1631-2 Urgent: LibPNG Vulnerability Exploit
ubuntu
November 15, 2012
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: libtiff5 4.0.2-1ubuntu2.1 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.3 Ubuntu 11.10: libtiff4 3.9.5-1ubuntu1.4 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.11 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.14 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1631-1
CVE-2012-4447, CVE-2012-4564
Severity
critical
Lowest
Low
Medium
High
Critical
November 15, 2012
Package Information
https://launchpad.net/ubuntu/+source/tiff/4.0.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.3 https://launchpad.net/ubuntu/+source/tiff/3.9.5-1ubuntu1.4 https://launchpad.net/ubuntu/+source/tiff/3.9.2-2ubuntu0.11 https://launchpad.net/ubuntu/+source/tiff/3.8.2-7ubuntu3.14
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!