You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke LibTIFF

Sigurnosni nedostaci programske biblioteke LibTIFF

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3602-1
March 20, 2018

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
– tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.3
libtiff5 4.0.6-1ubuntu0.3

Ubuntu 14.04 LTS:
libtiff-tools 4.0.3-7ubuntu0.8
libtiff5 4.0.3-7ubuntu0.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3602-1
CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269,
CVE-2016-10371, CVE-2017-10688, CVE-2017-11335, CVE-2017-12944,
CVE-2017-13726, CVE-2017-13727, CVE-2017-18013, CVE-2017-7592,
CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
CVE-2017-7601, CVE-2017-7602, CVE-2017-9403, CVE-2017-9404,
CVE-2017-9815, CVE-2017-9936, CVE-2018-5784

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.8

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJasVvPAAoJEGVp2FWnRL6T9A4QAJtR+vP2nIqiRkoBNyboeZQe
MkNrIZMnaMBRdjNwza3rAHg6p27ur7om/HaguBR/Jwg8FbEF91zDvBLE4S8SIHoh
T2dRkUhm+36D1cXUGXs/8EukAzb9M+yu7IhjLfdSOiEajfa91/+fpsRwKAV0pPbq
uRty5VzmijWCLFVIPuH0XzgZZ4dh3t7lgt3c6C6dCc2Ke6/Jh3/2pS65n4rn6xSG
ic0f0llt+PwHBgRKHx063p8aAhMPWFp3mBfGZ/z3oQ3EboXI+J1zORlwTiITmVYg
fhL3QF26MJhoC/Y9odAqGiRHLdw3AWXjNWbv6FFCABbbOSuBd1S3xPpkeTQTt1AZ
udrYx2kkbr+uLKeQMvVVbqJj+7c54xsFhiTfaXzZYWzyiMB9fHpwxwxMHE8amgcp
BtI7Er6h9A1VJbTC40e+WTdcRwKc2kPCkcg7jHENWCZ29wXcsBTxPlJDSJAJAd9X
L0PHRZALRiirGDW859aONdbK2pee+n+f2JYEVYy8WhWKem8t6CsrHjJZssjlI6hc
F8CjNi0OhLt0K+RYhAksDMnkMyT6aV4GRp3ey5FKjFVf3oUIs+ossZTktQ3859rr
XPGkkGB6Cm2R5FGalxMGD6cwdzVCesoygmIaL0fB1skwVS9WRDO2YG1x/Nlof07R
M7WH1/f9veqj2pJ9efJm
=S5tC
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libgit2

Otkriveni su sigurnosni nedostaci u programskoj biblioteci libgit2 za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close