what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-5523-1

Ubuntu Security Notice USN-5523-1
Posted Jul 19, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5523-1 - It was discovered that LibTIFF was not properly performing checks to guarantee that allocated memory space existed, which could lead to a NULL pointer dereference via a specially crafted file. An attacker could possibly use this issue to cause a denial of service. It was discovered that LibTIFF was not properly performing checks to avoid division calculations where the denominator value was zero, which could lead to an undefined behavior situation via a specially crafted file. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-19131, CVE-2020-19144, CVE-2022-0909, CVE-2022-0924, CVE-2022-22844
SHA-256 | 5a59e47169abf47600d89ed49be7fdb00d3a42d34c3e046b30db89c940dc1bea

Ubuntu Security Notice USN-5523-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-5523-1
July 19, 2022

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in LibTIFF.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF was not properly performing checks to
guarantee that allocated memory space existed, which could lead to a
NULL pointer dereference via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-0907, CVE-2022-0908)

It was discovered that LibTIFF was not properly performing checks to
avoid division calculations where the denominator value was zero,
which could lead to an undefined behavior situation via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0909)

It was discovered that LibTIFF was not properly performing bounds
checks, which could lead to an out-of-bounds read via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. (CVE-2022-0924)

It was discovered that LibTIFF was not properly performing the
calculation of data that would eventually be used as a reference for
bounds checking operations, which could lead to an out-of-bounds
read via a specially crafted file. An attacker could possibly use
this issue to cause a denial of service or to expose sensitive
information. (CVE-2020-19131)

It was discovered that LibTIFF was not properly terminating a
function execution when processing incorrect data, which could lead
to an out-of-bounds read via a specially crafted file. An attacker
could possibly use this issue to cause a denial of service or to
expose sensitive information. (CVE-2020-19144)

It was discovered that LibTIFF was not properly performing checks
when setting the value for data later used as reference during memory
access, which could lead to an out-of-bounds read via a specially
crafted file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information.
(CVE-2022-22844)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libtiff-opengl 4.0.6-1ubuntu0.8+esm2
libtiff-tools 4.0.6-1ubuntu0.8+esm2
libtiff5 4.0.6-1ubuntu0.8+esm2
libtiffxx5 4.0.6-1ubuntu0.8+esm2

Ubuntu 14.04 ESM:
libtiff-opengl 4.0.3-7ubuntu0.11+esm2
libtiff-tools 4.0.3-7ubuntu0.11+esm2
libtiff5 4.0.3-7ubuntu0.11+esm2
libtiffxx5 4.0.3-7ubuntu0.11+esm2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5523-1
CVE-2020-19131, CVE-2020-19144, CVE-2022-0907, CVE-2022-0908,
CVE-2022-0909, CVE-2022-0924, CVE-2022-22844


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close