LibTIFF Vulnerabilities Fixed in Ubuntu 13.04

A few other distributions have been affected by this problem

  Ubuntu 12.04 desktop
Canonical published details about LibTIFF vulnerabilities for its Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

Canonical published details about LibTIFF vulnerabilities for its Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

According to Canonical, LibTIFF could be made to crash or run programs, as the user’s login, if it opened a specially crafted file.

It was discovered that LibTIFF incorrectly handled certain malformed images when using the tiff2pdf tool.

If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest libtiff5 and libtiff4 package, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments