The problem can be corrected by upgrading the affected package to
version 3.6.1-1.1ubuntu1.4 (for Ubuntu 4.10), or 3.6.1-5ubuntu0.2 (for
Ubuntu 5.04). After a standard system upgrade you need to restart
your CUPS server with
sudo /etc/init.d/cupsys restart
to effect the necessary changes.
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.