USN-639-1: tiff vulnerability

09-02-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-639-1: tiff vulnerability

Referenced CVEs:
CVE-2008-2327

Description:
=========================================================== Ubuntu Security Notice USN-639-1 September 02, 2008 tiff vulnerability CVE-2008-2327 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libtiff4 3.7.4-1ubuntu3.3 Ubuntu 7.04: libtiff4 3.8.2-6ubuntu1 Ubuntu 7.10: libtiff4 3.8.2-7ubuntu2.1 Ubuntu 8.04 LTS: libtiff4 3.8.2-7ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

img-tiff(n) img-tiff(n) __________________________________________________________________________________________________________________________________________________ NAME
img-tiff - Img, Tagged Image File Format (tiff) SYNOPSIS
package require Tk package require img::tiff ?1.4? image create photo ?name? ?options? _________________________________________________________________ DESCRIPTION
The package img::tiff is a sub-package of Img. It can be loaded as a part of the complete Img support, via package require Img, or on its own, via package require img::tiff. Like all packages of Img it does not provide new commands, but extends the existing Tk command image so that it supports files containing raster images in the Tagged Image File Format (tiff). More specifically img::tiff extends Tk's photo image type. The name of the new format handler is tiff. This handler provides new additional configuration options. See section TIFF OPTIONS for more detailed explanations. All of the above means that in a call like image create photo ?name? ?options? [1] Image data in tiff format (options -data and -file) is detected automatically. [2] The format name tiff is recognized by the option -format. In addition the value for the option is treated as list and may contain any of the special options listed in section TIFF OPTIONS. TIFF OPTIONS
The handler provides three options, one for reading from a TIFF image, the other two influencing the writing of such. -index n This option is for reading from TIFF files containing more than one image (multi-page TIFF. When specified it will read the n'th image in the data. The first image is at index 0 and will be read by default, i.e. when the option is not specified. -compression type This option specifies the type of compression to use when writing TIFF data. It has to be one of none, jpeg, packbits, or deflate. The default is none. -byteorder type This option specifies the byteorder to use when writing TIFF data. It has to be one of bigendian, littleendian, network, smallen- dian, or the empty string. The default is the empty string. The values bigendian and network are aliases of each other, as are littleendian and smallendian. SEE ALSO
img-bmp, img-dted, img-gif, img-ico, img-intro, img-jpeg, img-pcx, img-pixmap, img-png, img-ppm, img-ps, img-raw, img-sgi, img-sun, img- tga, img-tiff, img-window, img-xbm, img-xpm KEYWORDS
image handling, tiff, tk COPYRIGHT
Copyright (c) 1995-2009 Jan Nijtmans <nijtmans@users.sourceforge.net> Img 1.4 img-tiff(n)

Security Advisories (RSS)

USN-639-1: tiff vulnerability

LEARN ABOUT OSX

img-tiff