Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 438
Alerts This Week
Warning Icon 1 438

Ubuntu 20.04 LTS, 18.04 LTS: USN-5523-2 Moderate: LibTIFF DoS

ubuntu
Calendar Grey September 12, 2022
Dist Ubuntu Esm H88
LibTIFF vulnerabilities fixed in Ubuntu 20.04 and 18.04, addressing potential denial of service threats. Ensure your system is updated promptly.
Several security issues were fixed in LibTIFF.

Summary

Several security issues were fixed in LibTIFF.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

USN-5523-1 fixed several vulnerabilities in LibTIFF. This update

provides the fixes for CVE-2022-0907, CVE-2022-0908, CVE-2022-0909,

CVE-2022-0924 and CVE-2022-22844 for Ubuntu 18.04 LTS and

Ubuntu 20.04 LTS.

Original advisory details:

 It was discovered that LibTIFF was not properly perf   orming checks to

 guarantee that allocated memory space existed, which could lead to a

 NULL pointer dereference via a specially crafted file. An attacker

 could possibly use this issue to cause a denial of service.

 (CVE-2022-0907, CVE-2022-0908)

 It was discovered that LibTIFF was not properly performing checks to

 avoid division calculations where the denominator value was zero,

 which could lead to an undefined behavior situation via a specially

 crafted file. An attacker could possibly use this issue to cause a

 denia...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   libtiff-opengl                  4.1.0+git191117-2ubuntu0.20.04.4
   libtiff-tools                   4.1.0+git191117-2ubuntu0.20.04.4
   libtiff5                        4.1.0+git191117-2ubuntu0.20.04.4
   libtiffxx5                      4.1.0+git191117-2ubuntu0.20.04.4

Ubuntu 18.04 LTS:
   libtiff-opengl                  4.0.9-5ubuntu0.6
   libtiff-tools                   4.0.9-5ubuntu0.6
   libtiff5                        4.0.9-5ubuntu0.6
   libtiffxx5                      4.0.9-5ubuntu0.6

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5523-2

  https://ubuntu.com/security/notices/USN-5523-1

  CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924,

  CVE-2022-22844

Severity
important
Lowest
Low
Medium
High
Critical

September 12, 2022

Package Information

  https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.