Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN156-1 : tiff vulnerability Vulnerability Scan


Vulnerability Scan Summary
tiff vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libtiff-tools
- libtiff4
- libtiff4-dev


Description :

Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.

Solution :

Upgrade to :
- libtiff-tools-3.6.1-5ubuntu0.2 (Ubuntu 5.04)
- libtiff4-3.6.1-5ubuntu0.2 (Ubuntu 5.04)
- libtiff4-dev-3.6.1-5ubuntu0.2 (Ubuntu 5.04)



Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.