|
Family: Ubuntu Local Security Checks --> Category: infos
USN156-1 : tiff vulnerability Vulnerability Scan
Vulnerability Scan Summary tiff vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libtiff-tools
- libtiff4
- libtiff4-dev
Description :
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
Solution :
Upgrade to :
- libtiff-tools-3.6.1-5ubuntu0.2 (Ubuntu 5.04)
- libtiff4-3.6.1-5ubuntu0.2 (Ubuntu 5.04)
- libtiff4-dev-3.6.1-5ubuntu0.2 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|