==========================================================================
Ubuntu Security Notice USN-3602-1
March 20, 2018
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
– tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.3
libtiff5 4.0.6-1ubuntu0.3
Ubuntu 14.04 LTS:
libtiff-tools 4.0.3-7ubuntu0.8
libtiff5 4.0.3-7ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3602-1
CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269,
CVE-2016-10371, CVE-2017-10688, CVE-2017-11335, CVE-2017-12944,
CVE-2017-13726, CVE-2017-13727, CVE-2017-18013, CVE-2017-7592,
CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
CVE-2017-7601, CVE-2017-7602, CVE-2017-9403, CVE-2017-9404,
CVE-2017-9815, CVE-2017-9936, CVE-2018-5784
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.8
—–BEGIN PGP SIGNATURE—–
iQIcBAEBCgAGBQJasVvPAAoJEGVp2FWnRL6T9A4QAJtR+vP2nIqiRkoBNyboeZQe
MkNrIZMnaMBRdjNwza3rAHg6p27ur7om/HaguBR/Jwg8FbEF91zDvBLE4S8SIHoh
T2dRkUhm+36D1cXUGXs/8EukAzb9M+yu7IhjLfdSOiEajfa91/+fpsRwKAV0pPbq
uRty5VzmijWCLFVIPuH0XzgZZ4dh3t7lgt3c6C6dCc2Ke6/Jh3/2pS65n4rn6xSG
ic0f0llt+PwHBgRKHx063p8aAhMPWFp3mBfGZ/z3oQ3EboXI+J1zORlwTiITmVYg
fhL3QF26MJhoC/Y9odAqGiRHLdw3AWXjNWbv6FFCABbbOSuBd1S3xPpkeTQTt1AZ
udrYx2kkbr+uLKeQMvVVbqJj+7c54xsFhiTfaXzZYWzyiMB9fHpwxwxMHE8amgcp
BtI7Er6h9A1VJbTC40e+WTdcRwKc2kPCkcg7jHENWCZ29wXcsBTxPlJDSJAJAd9X
L0PHRZALRiirGDW859aONdbK2pee+n+f2JYEVYy8WhWKem8t6CsrHjJZssjlI6hc
F8CjNi0OhLt0K+RYhAksDMnkMyT6aV4GRp3ey5FKjFVf3oUIs+ossZTktQ3859rr
XPGkkGB6Cm2R5FGalxMGD6cwdzVCesoygmIaL0fB1skwVS9WRDO2YG1x/Nlof07R
M7WH1/f9veqj2pJ9efJm
=S5tC
—–END PGP SIGNATURE—–
—