Details
Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.
This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.
Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking an user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.
This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.
Update instructions
After a standard system upgrade you need to reboot your computer to effect the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 6.06 dapper | libtiff4 – 3.7.4-1ubuntu3.2 | ||
| 5.10 breezy | libtiff4 – 3.7.3-1ubuntu1.5 | ||
| 5.04 hoary | libtiff4 – 3.6.1-5ubuntu0.6 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
References
- CVE-2006-3465
- CVE-2006-3465
- CVE-2006-3464
- CVE-2006-3464
- CVE-2006-3463
- CVE-2006-3463
- CVE-2006-3462
- CVE-2006-3462
- CVE-2006-3461
- CVE-2006-3461