You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke LibTIFF

Sigurnosni nedostaci programske biblioteke LibTIFF

==========================================================================
Ubuntu Security Notice USN-4158-1
October 17, 2019

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibTIFF.

Software Description:
– tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libtiff-tools 4.0.10-4ubuntu0.1
libtiff5 4.0.10-4ubuntu0.1

Ubuntu 18.04 LTS:
libtiff-tools 4.0.9-5ubuntu0.3
libtiff5 4.0.9-5ubuntu0.3

Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.7
libtiff5 4.0.6-1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4158-1
CVE-2019-14973, CVE-2019-17546

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.10-4ubuntu0.1
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.7

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl2oY9cACgkQZWnYVadE
vpOGYQ/9EX2Dvfu17L5vWaWPh7dIW+DUvDFuSzysNlUbK4R4uWwVXb/laaOGzjVV
DRk9zoqSXQPddFOyB7RzyjmxhPlVZQRnoaGs9ZWeYX71hGCp1w2DxZlBPs01d3xV
pO+mPVKX6ffX7vrxBM9N3yuHLlgdF1XMGEsD3KJ6/1Z5lW6Kp/CouBE/AgO5ESLR
/JQnD3Hzmv3uhtBiIQtFP77yee/wO5nDY+xMmRQ+pUvTXs/Lu71urmxJYF+TmssW
H++888bzTpReTg2CV14drokGWXtNMY9x7Pz6JWvvgntopEAZpxwrgCJswmtHmTMO
i1qpOtStKDanpca5qVtBYfWzshF2TeFWgO6gSHGyhN2aYRQAfYcGEfUGvUTVQwE2
GZD9L2TK0MOP1lUGDvBj4cDTYtM18xNAvm8SWEzJVBDNdZBgU4S56OghlZ3DvIhz
SDOY8J8+E5y8x/u1VQsrZr+I52d45t+HQ2uwsTTqCtFnEXx4dmpnZDR8EtzhB4Py
LM83Mvluqd2ohCPp1g/boQcQOpSGf1Rj/Za7iw5yJpk7ncX30SA7ScJkzyK7x/U+
s/wbtiBOY4oZJuXZUEY8TXQr+6rNRGLkv2tbrvaVlfAbGiQm93usUR48e4DOtbQS
yLAJnlXPyEOEbFVxFGgdgcJaRFe1hojmqee7HdySMqMnRHmD5L4=
=1Tkf
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programskih paketa java-1.8.0-openjdk i java-11-openjdk

Otkriveni su sigurnosni nedostaci u programskim paketima java-1.8.0-openjdk i java-11-openjdk za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje...

Close