[USN-5743-2] LibTIFF vulnerability

Thu, 01 Dec 2022 09:48:38 -0800 

==========================================================================
Ubuntu Security Notice USN-5743-2
December 01, 2022

tiff vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the
corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 22.10.

Original advisory details:

 It was discovered that LibTIFF incorrectly handled certain malformed
 images. If a user or automated system were tricked into opening a specially 
 crafted image, a remote attacker could crash the application, leading to a
 denial of service, or possibly execute arbitrary code with user privileges. 

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  libtiff-tools                   4.4.0-4ubuntu3.2
  libtiff5                        4.4.0-4ubuntu3.2

Ubuntu 22.04 LTS:
  libtiff-tools                   4.3.0-6ubuntu0.3
  libtiff5                        4.3.0-6ubuntu0.3

Ubuntu 20.04 LTS:
  libtiff-tools                   4.1.0+git191117-2ubuntu0.20.04.7
  libtiff5                        4.1.0+git191117-2ubuntu0.20.04.7

Ubuntu 18.04 LTS:
  libtiff-tools                   4.0.9-5ubuntu0.9
  libtiff5                        4.0.9-5ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5743-2
  https://ubuntu.com/security/notices/USN-5743-1
  CVE-2022-3970

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.4.0-4ubuntu3.2
  https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.7
  https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.9

Attachment: OpenPGP_0x86A73CCF854ECB9A.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature














    











					Reply via email to