Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 24.04 LTS: USN-6827-1 Critical: LibTIFF Denial of Service

ubuntu
Calendar Grey June 11, 2024
Dist Ubuntu Esm H88
Stay secure by upgrading your LibTIFF packages to combat identified vulnerabilities. Follow our steps to ensure your system is protected against threats
LibTIFF could be made to crash if it opened a specially crafted file.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: LibTIFF could be made to crash if it opened a specially crafted file. Software Description: - tiff: Tag Image File Format (TIFF) library Details: It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service.

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu heap overflow crash tiff

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libtiff-opengl 4.5.1+git230720-4ubuntu2.1 libtiff-tools 4.5.1+git230720-4ubuntu2.1 libtiff6 4.5.1+git230720-4ubuntu2.1 libtiffxx6 4.5.1+git230720-4ubuntu2.1 Ubuntu 23.10 libtiff-opengl 4.5.1+git230720-1ubuntu1.2 libtiff-tools 4.5.1+git230720-1ubuntu1.2 libtiff6 4.5.1+git230720-1ubuntu1.2 libtiffxx6 4.5.1+git230720-1ubuntu1.2 Ubuntu 22.04 LTS libtiff-opengl 4.3.0-6ubuntu0.9 libtiff-tools 4.3.0-6ubuntu0.9 libtiff5 4.3.0-6ubuntu0.9 libtiffxx5 4.3.0-6ubuntu0.9 Ubuntu 20.04 LTS libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.13 libtiff5 4.1.0+git191117-2ubuntu0.20.04.13 Ubuntu 18.04 LTS libtiff-opengl 4.0.9-5ubuntu0.10+esm6 Available with Ubuntu Pro libtiff-tools 4.0.9-5ubuntu0.10+esm6 Available with Ubuntu Pro libtiff5 4.0.9-5ubuntu0.10+esm6 Available with Ubuntu Pro libtiffxx5 4.0.9-5ubuntu0.10+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS libtiff-opengl 4.0.6-1ubuntu0.8+esm16 Available with Ubuntu Pro libtiff-tools 4.0.6-1ubuntu0.8+esm16 Available with Ubuntu Pro libtiff5 4.0.6-1ubuntu0.8+esm16 Available with Ubuntu Pro libtiffxx5 4.0.6-1ubuntu0.8+esm16 Available with Ubuntu Pro Ubuntu 14.04 LTS libtiff-opengl 4.0.3-7ubuntu0.11+esm13 Available with Ubuntu Pro libtiff-tools 4.0.3-7ubuntu0.11+esm13 Available with Ubuntu Pro libtiff5 4.0.3-7ubuntu0.11+esm13 Available with Ubuntu Pro libtiffxx5 4.0.3-7ubuntu0.11+esm13 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6827-1

CVE-2023-3164

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6827-1

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu heap overflow crash tiff

Package Information

https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.1 https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-1ubuntu1.2 https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.9 https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.13

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here