=========================================================================Ubuntu Security Notice USN-3212-1
February 27, 2017

tiff vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  libtiff-tools                   4.0.6-2ubuntu0.1
  libtiff5                        4.0.6-2ubuntu0.1

Ubuntu 16.04 LTS:
  libtiff-tools                   4.0.6-1ubuntu0.1
  libtiff5                        4.0.6-1ubuntu0.1

Ubuntu 14.04 LTS:
  libtiff-tools                   4.0.3-7ubuntu0.6
  libtiff5                        4.0.3-7ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3212-1
  CVE-2015-7554, CVE-2015-8668, CVE-2016-10092, CVE-2016-10093,
  CVE-2016-10094, CVE-2016-3622, CVE-2016-3623, CVE-2016-3624,
  CVE-2016-3632, CVE-2016-3658, CVE-2016-3945, CVE-2016-3990,
  CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316,
  CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322,
  CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-6223,
  CVE-2016-8331, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448,
  CVE-2016-9453, CVE-2016-9532, CVE-2016-9533, CVE-2016-9534,
  CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538,
  CVE-2016-9539, CVE-2016-9540, CVE-2017-5225

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.0.6-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.6

Ubuntu 3212-1: LibTIFF vulnerabilities

February 27, 2017
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libtiff-tools 4.0.6-2ubuntu0.1 libtiff5 4.0.6-2ubuntu0.1 Ubuntu 16.04 LTS: libtiff-tools 4.0.6-1ubuntu0.1 libtiff5 4.0.6-1ubuntu0.1 Ubuntu 14.04 LTS: libtiff-tools 4.0.3-7ubuntu0.6 libtiff5 4.0.3-7ubuntu0.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3212-1

CVE-2015-7554, CVE-2015-8668, CVE-2016-10092, CVE-2016-10093,

CVE-2016-10094, CVE-2016-3622, CVE-2016-3623, CVE-2016-3624,

CVE-2016-3632, CVE-2016-3658, CVE-2016-3945, CVE-2016-3990,

CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316,

CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322,

CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-6223,

CVE-2016-8331, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448,

CVE-2016-9453, CVE-2016-9532, CVE-2016-9533, CVE-2016-9534,

CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538,

CVE-2016-9539, CVE-2016-9540, CVE-2017-5225

Severity
February 27, 2017

Package Information

https://launchpad.net/ubuntu/+source/tiff/4.0.6-2ubuntu0.1 https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.6

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved