Ubuntu Security Notice USN-6428-1

Ubuntu Security Notice USN-6428-1: Posted Oct 11, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6428-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2023-1916; SHA-256 | 891afd8586b3c24ab048bfa40e9bd2dacb700190acc1c690c6bd2e2efec06002; Download | Favorite | View

Ubuntu Security Notice USN-6428-1

==========================================================================
Ubuntu Security Notice USN-6428-1
October 11, 2023

tiff vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

LibTIFF could be made to crash if it opened a specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF could be made to read out of bounds when
processing certain malformed image files with the tiffcrop utility. If a
user were tricked into opening a specially crafted image file, an attacker
could possibly use this issue to cause tiffcrop to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  libtiff-tools                   4.5.0-5ubuntu1.2
  libtiff6                        4.5.0-5ubuntu1.2

Ubuntu 22.04 LTS:
  libtiff-tools                   4.3.0-6ubuntu0.6
  libtiff5                        4.3.0-6ubuntu0.6

Ubuntu 20.04 LTS:
  libtiff-tools                   4.1.0+git191117-2ubuntu0.20.04.10
  libtiff5                        4.1.0+git191117-2ubuntu0.20.04.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libtiff-tools                   4.0.9-5ubuntu0.10+esm3
  libtiff5                        4.0.9-5ubuntu0.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libtiff-tools                   4.0.6-1ubuntu0.8+esm13
  libtiff5                        4.0.6-1ubuntu0.8+esm13

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libtiff-tools                   4.0.3-7ubuntu0.11+esm10
  libtiff5                        4.0.3-7ubuntu0.11+esm10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6428-1
  CVE-2023-1916

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.5.0-5ubuntu1.2
  https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.6
  https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.10

Top Authors In Last 30 Days

Red Hat 236 files
Ubuntu 90 files
Gentoo 31 files
Debian 23 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Amit Roy 4 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,077)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,339)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,263)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,651)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Ubuntu Security Notice USN-6428-1

Ubuntu Security Notice USN-6428-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6428-1

Share This

Ubuntu Security Notice USN-6428-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems