==========================================================================
Ubuntu Security Notice USN-4158-1
October 17, 2019
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibTIFF.
Software Description:
– tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libtiff-tools 4.0.10-4ubuntu0.1
libtiff5 4.0.10-4ubuntu0.1
Ubuntu 18.04 LTS:
libtiff-tools 4.0.9-5ubuntu0.3
libtiff5 4.0.9-5ubuntu0.3
Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.7
libtiff5 4.0.6-1ubuntu0.7
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4158-1
CVE-2019-14973, CVE-2019-17546
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.10-4ubuntu0.1
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.7
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2oY9cACgkQZWnYVadE
vpOGYQ/9EX2Dvfu17L5vWaWPh7dIW+DUvDFuSzysNlUbK4R4uWwVXb/laaOGzjVV
DRk9zoqSXQPddFOyB7RzyjmxhPlVZQRnoaGs9ZWeYX71hGCp1w2DxZlBPs01d3xV
pO+mPVKX6ffX7vrxBM9N3yuHLlgdF1XMGEsD3KJ6/1Z5lW6Kp/CouBE/AgO5ESLR
/JQnD3Hzmv3uhtBiIQtFP77yee/wO5nDY+xMmRQ+pUvTXs/Lu71urmxJYF+TmssW
H++888bzTpReTg2CV14drokGWXtNMY9x7Pz6JWvvgntopEAZpxwrgCJswmtHmTMO
i1qpOtStKDanpca5qVtBYfWzshF2TeFWgO6gSHGyhN2aYRQAfYcGEfUGvUTVQwE2
GZD9L2TK0MOP1lUGDvBj4cDTYtM18xNAvm8SWEzJVBDNdZBgU4S56OghlZ3DvIhz
SDOY8J8+E5y8x/u1VQsrZr+I52d45t+HQ2uwsTTqCtFnEXx4dmpnZDR8EtzhB4Py
LM83Mvluqd2ohCPp1g/boQcQOpSGf1Rj/Za7iw5yJpk7ncX30SA7ScJkzyK7x/U+
s/wbtiBOY4oZJuXZUEY8TXQr+6rNRGLkv2tbrvaVlfAbGiQm93usUR48e4DOtbQS
yLAJnlXPyEOEbFVxFGgdgcJaRFe1hojmqee7HdySMqMnRHmD5L4=
=1Tkf
—–END PGP SIGNATURE—–
—