Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Ubuntu 14.10: 2553-1 Critical: LibTIFF Denial Of Service

ubuntu
Calendar Grey March 31, 2015
Dist Ubuntu Esm H88
Stay informed about LibTIFF vulnerabilities on Ubuntu systems. Apply security patches, upgrade packages, and monitor advisories to safeguard your data.
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

LibTIFF could be made to crash or run programs as your login if it opened a

specially crafted file.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

William Robinet discovered that LibTIFF incorrectly handled certain

malformed images. If a user or automated system were tricked into opening a

specially crafted image, a remote attacker could crash the application,

leading to a denial of service, or possibly execute arbitrary code with

user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129,

CVE-2014-8130)

Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain

malformed BMP images. If a user or automated system were tricked into

opening a specially crafted BMP image, a remote attacker could crash the

application, leading to a denial of service. (CVE-2014-9330)

Michal Zalewski discovered that LibTIFF incorrectly handled certain

malformed images. If a user or automated system were tricked into opening a

specia...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libtiff5                        4.0.3-10ubuntu0.1

Ubuntu 14.04 LTS:
  libtiff5                        4.0.3-7ubuntu0.2

Ubuntu 12.04 LTS:
  libtiff4                        3.9.5-2ubuntu1.7

Ubuntu 10.04 LTS:
  libtiff4                        3.9.2-2ubuntu0.15

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2553-1

CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,

CVE-2014-9330, CVE-2014-9655

Severity
critical
Lowest
Low
Medium
High
Critical

March 31, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.