LibTIFF Security Exploit Fixed for Ubuntu 12.04

Other Ubuntu OSes were affected by this vulnerability

December 6th, 2012 14:20 GMT

On December 5, Canonical published a security notice with details about a CUPS vulnerability affecting its Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 11.10 (Oneiric Ocelot), Ubuntu 10.04 LTS (Lucid Lynx), and Ubuntu 8.04 LTS (Hardy Heron) operating systems.

According to Canonical, programs that used LibTIFF could have been made to crash or to run programs, if they opened a specially-crafted file.

It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag.

A remote attacker could have crashed the application, leading to a denial of service, or possibly executed arbitrary code with user privileges.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can fix the security flaws by upgrading their operating systems to the latest libtiff4 package specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.
