Ubuntu USN-801-1 (tiff) Network Vulnerability

Summary

The remote host is missing an update to tiff announced via advisory USN-801-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.6 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.4 Ubuntu 8.10: libtiff4 3.8.2-11ubuntu0.8.10.3 Ubuntu 9.04: libtiff4 3.8.2-11ubuntu0.9.04.3 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-801-1

Insight

Tielei Wang and Tom Lane discovered that the TIFF library did not correctly handle certain malformed TIFF images. If a user or automated system were tricked into processing a malicious image, an attacker could execute arbitrary code with the privileges of the user invoking the program.

Severity

Classification

CVE

CVE-2008-0196, CVE-2008-2327, CVE-2009-0034, CVE-2009-0037, CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-0858, CVE-2009-1185, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1392, CVE-2009-1422, CVE-2009-1423, CVE-2009-1424, CVE-2009-1425, CVE-2009-1832, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841, CVE-2009-1890, CVE-2009-1891, CVE-2009-1959, CVE-2009-2285, CVE-2009-2295, CVE-2009-2334, CVE-2009-2335, CVE-2009-2336, CVE-2009-2347, CVE-2009-2360

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Take action and discover your vulnerabilities