|
Family: Ubuntu Local Security Checks --> Category: infos
USN277-1 : tiff vulnerabilities Vulnerability Scan
Vulnerability Scan Summary tiff vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libtiff-opengl
- libtiff-tools
- libtiff4
- libtiff4-dev
- libtiffxx0c2
Description :
Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking an user
into opening a specially crafted TIFF file with any application that
uses libtiff, a possible hacker could exploit this to crash the application
or even execute arbitrary code with the application's rights.
Solution :
Upgrade to :
- libtiff-opengl-3.7.3-1ubuntu1.1 (Ubuntu 5.10)
- libtiff-tools-3.7.3-1ubuntu1.1 (Ubuntu 5.10)
- libtiff4-3.7.3-1ubuntu1.1 (Ubuntu 5.10)
- libtiff4-dev-3.7.3-1ubuntu1.1 (Ubuntu 5.10)
- libtiffxx0c2-3.7.3-1ubuntu1.1 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|