Tuesday, June 11, 2024

[USN-6827-1] LibTIFF vulnerability

==========================================================================
Ubuntu Security Notice USN-6827-1
June 11, 2024

tiff vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash if it opened a specially crafted
file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled memory when
performing certain cropping operations, leading to a heap buffer
overflow. An attacker could possibly use this issue to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libtiff-opengl 4.5.1+git230720-4ubuntu2.1
libtiff-tools 4.5.1+git230720-4ubuntu2.1
libtiff6 4.5.1+git230720-4ubuntu2.1
libtiffxx6 4.5.1+git230720-4ubuntu2.1

Ubuntu 23.10
libtiff-opengl 4.5.1+git230720-1ubuntu1.2
libtiff-tools 4.5.1+git230720-1ubuntu1.2
libtiff6 4.5.1+git230720-1ubuntu1.2
libtiffxx6 4.5.1+git230720-1ubuntu1.2

Ubuntu 22.04 LTS
libtiff-opengl 4.3.0-6ubuntu0.9
libtiff-tools 4.3.0-6ubuntu0.9
libtiff5 4.3.0-6ubuntu0.9
libtiffxx5 4.3.0-6ubuntu0.9

Ubuntu 20.04 LTS
libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.13
libtiff5 4.1.0+git191117-2ubuntu0.20.04.13

Ubuntu 18.04 LTS
libtiff-opengl 4.0.9-5ubuntu0.10+esm6
Available with Ubuntu Pro
libtiff-tools 4.0.9-5ubuntu0.10+esm6
Available with Ubuntu Pro
libtiff5 4.0.9-5ubuntu0.10+esm6
Available with Ubuntu Pro
libtiffxx5 4.0.9-5ubuntu0.10+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libtiff-opengl 4.0.6-1ubuntu0.8+esm16
Available with Ubuntu Pro
libtiff-tools 4.0.6-1ubuntu0.8+esm16
Available with Ubuntu Pro
libtiff5 4.0.6-1ubuntu0.8+esm16
Available with Ubuntu Pro
libtiffxx5 4.0.6-1ubuntu0.8+esm16
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libtiff-opengl 4.0.3-7ubuntu0.11+esm13
Available with Ubuntu Pro
libtiff-tools 4.0.3-7ubuntu0.11+esm13
Available with Ubuntu Pro
libtiff5 4.0.3-7ubuntu0.11+esm13
Available with Ubuntu Pro
libtiffxx5 4.0.3-7ubuntu0.11+esm13
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
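
An added example, not part of the Ubuntu notice: to check an exported package inventory away from the hosts themselves, the Python below compares installed tiff versions with the fixed versions listed above using Debian version ordering, under which "+esm9" sorts below "+esm16" where a plain string comparison would get it wrong. The host names and installed versions in INVENTORY are constructed sample data.

```python
import re

# Fixed versions from the notice's update instructions (same for every tiff binary package).
FIXED = {
    "24.04": "4.5.1+git230720-4ubuntu2.1", "23.10": "4.5.1+git230720-1ubuntu1.2",
    "22.04": "4.3.0-6ubuntu0.9", "20.04": "4.1.0+git191117-2ubuntu0.20.04.13",
    "18.04": "4.0.9-5ubuntu0.10+esm6", "16.04": "4.0.6-1ubuntu0.8+esm16",
    "14.04": "4.0.3-7ubuntu0.11+esm13",
}
# Constructed sample inventory: (host, Ubuntu release, installed libtiff version).
INVENTORY = [
    ("web01", "22.04", "4.3.0-6ubuntu0.8"),
    ("web02", "20.04", "4.1.0+git191117-2ubuntu0.20.04.13"),
    ("old01", "16.04", "4.0.6-1ubuntu0.8+esm9"),
    ("old02", "18.04", "4.0.9-5ubuntu0.10"),
]

def _order(c):
    # Debian weight of a non-digit character: "~" first, then letters, then other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare two upstream or revision strings: alternate non-digit and digit runs.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = (_order(s[i]) if i < len(s) else 0 for s in (na, nb))
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)  # digit runs compare numerically
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch ends at the first ":", revision starts at the last "-".
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(inventory):
    return [host for host, rel, ver in inventory if compare(ver, FIXED[rel]) < 0]
```

On an Ubuntu host itself, `dpkg --compare-versions` performs the same comparison.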

References:
https://ubuntu.com/security/notices/USN-6827-1
CVE-2023-3164

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.1
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-1ubuntu1.2
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.9
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.13
