Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Ubuntu 22.04 LTS: 5619-1 Critical: LibTIFF Denial Of Service

ubuntu
Calendar Grey September 20, 2022
Dist Ubuntu Esm H88
Several security flaws identified in LibTIFF across different Ubuntu releases. Please ensure you update your systems promptly to safeguard against potential threats.
Several security issues were fixed in LibTIFF.

Summary

Several security issues were fixed in LibTIFF.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF was not properly performing the calculation

of data that would eventually be used as a reference for bound-checking

operations. An attacker could possibly use this issue to cause a denial of

service or to expose sensitive information. This issue only affected Ubuntu

18.04 LTS. (CVE-2020-19131)

It was discovered that LibTIFF was not properly terminating a function

execution when processing incorrect data. An attacker could possibly use

this issue to cause a denial of service or to expose sensitive information.

This issue only affected Ubuntu 18.04 LTS. (CVE-2020-19144)

It was discovered that LibTIFF did not properly manage memory under certain

circumstances. If a user were tricked into opening a specially crafted TIFF

file using tiffinfo tool, an attacker could possibly use this issue to

cause a denial of...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libtiff-opengl                  4.3.0-6ubuntu0.1
  libtiff-tools                   4.3.0-6ubuntu0.1
  libtiff5                        4.3.0-6ubuntu0.1
  libtiffxx5                      4.3.0-6ubuntu0.1

Ubuntu 20.04 LTS:
  libtiff-opengl                  4.1.0+git191117-2ubuntu0.20.04.5
  libtiff-tools                   4.1.0+git191117-2ubuntu0.20.04.5
  libtiff5                        4.1.0+git191117-2ubuntu0.20.04.5
  libtiffxx5                      4.1.0+git191117-2ubuntu0.20.04.5

Ubuntu 18.04 LTS:
  libtiff-opengl                  4.0.9-5ubuntu0.7
  libtiff-tools                   4.0.9-5ubuntu0.7
  libtiff5                        4.0.9-5ubuntu0.7
  libtiffxx5                      4.0.9-5ubuntu0.7

Ubuntu 16.04 ESM:
  libtiff-opengl                  4.0.6-1ubuntu0.8+esm4
  libtiff-tools                   4.0.6-1ubuntu0.8+esm4
  libtiff5                        4.0.6-1ubuntu0.8+esm4
  libtiffxx5                      4.0.6-1ubuntu0.8+esm4

Ubuntu 14.04 ESM:
  libtiff-opengl                  4.0.3-7ubuntu0.11+esm4
  libtiff-tools                   4.0.3-7ubuntu0.11+esm4
  libtiff5                        4.0.3-7ubuntu0.11+esm4
  libtiffxx5                      4.0.3-7ubuntu0.11+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5619-1

CVE-2020-19131, CVE-2020-19144, CVE-2022-1354, CVE-2022-1355,

CVE-2022-2056, CVE-2022-2057, CVE-2022-2058

Severity
critical
Lowest
Low
Medium
High
Critical

September 20, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.