Summary
The remote host is missing an update to tiff
announced via advisory USN-801-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
libtiff4 3.7.4-1ubuntu3.6
Ubuntu 8.04 LTS:
libtiff4 3.8.2-7ubuntu3.4
Ubuntu 8.10:
libtiff4 3.8.2-11ubuntu0.8.10.3
Ubuntu 9.04:
libtiff4 3.8.2-11ubuntu0.9.04.3
In general, a standard system upgrade is sufficient to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-801-1
Insight
Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for bind9 USN-1601-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for bash USN-2363-1
- Ubuntu Update for ffmpeg, ffmpeg-debian vulnerabilities USN-931-1
- Ubuntu Update for cupsys vulnerabilities USN-598-1