drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in LibTIFF
Name: |
Mehrere Probleme in LibTIFF |
|
ID: |
USN-5421-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 14.04 ESM, Ubuntu 20.04 LTS, Ubuntu 16.04 ESM, Ubuntu 21.10 |
|
Datum: |
Mo, 16. Mai 2022, 22:34 |
|
Referenzen: |
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522 |
|
Applikationen: |
libtiff |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8210685057822375479== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------hjnZC0JIz3xKRfY5cHytKbY6"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------hjnZC0JIz3xKRfY5cHytKbY6 Content-Type: multipart/mixed; boundary="------------bnm9eO3hPS4zi6cejsv5mTQ4"; protected-headers="v1" From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <1f5e009a-79e0-f26e-6b71-5bdc842263bf@canonical.com> Subject: [USN-5421-1] LibTIFF vulnerabilities
--------------bnm9eO3hPS4zi6cejsv5mTQ4 Content-Type: multipart/mixed; boundary="------------Gt6soehrkswLgjQA0JdmfgDc"
--------------Gt6soehrkswLgjQA0JdmfgDc Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5421-1 May 16, 2022
tiff vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in LibTIFF.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35522)
Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)
It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libtiff-tools 4.3.0-1ubuntu0.1 libtiff5 4.3.0-1ubuntu0.1
Ubuntu 20.04 LTS: libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.3 libtiff5 4.1.0+git191117-2ubuntu0.20.04.3
Ubuntu 18.04 LTS: libtiff-tools 4.0.9-5ubuntu0.5 libtiff5 4.0.9-5ubuntu0.5
Ubuntu 16.04 ESM: libtiff-tools 4.0.6-1ubuntu0.8+esm1 libtiff5 4.0.6-1ubuntu0.8+esm1
Ubuntu 14.04 ESM: libtiff-tools 4.0.3-7ubuntu0.11+esm1 libtiff5 4.0.3-7ubuntu0.11+esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5421-1 CVE-2020-35522, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865, CVE-2022-0891
Package Information: https://launchpad.net/ubuntu/+source/tiff/4.3.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.3 https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.5
--------------Gt6soehrkswLgjQA0JdmfgDc Content-Type: application/pgp-keys; name="OpenPGP_0x196D412138F33F64.asc" Content-Disposition: attachment; filename="OpenPGP_0x196D412138F33F64.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsDNBGIl7V0BDAC+6Rrs/dA9eDfxCA5DutvqKqSxwodFEgiMxDLnR0OSrwlYgTFh X+OChdT+L0AyBJsjfsrWByRCm/Eky6JE9QtnmDpusvrYwXmVm/Whe/0W+qJ6rzzU sL0GkZoOUt2JhTdYcJ1o2A+J3RgXUuXUENMrpFhUwwpu7YOaMgCrno64C4wBgK55 KDUCd6i5bM26P4csLNjRO4+qJj4m3Hve/iJgpb510XI3aS4azY/Rm+iXGrlGMi9T PGEDcsjoO3zT7v3l0EA5SEhpbXBHOGy94vRcMBYuUZqhwfa8Mi/h1uTtTHmT/+1f 7eWoO0tPssex6mWIodZo1epKIfjhbW63C571XIB0ZIuqfChj4k5dgthUqeJXpRDl v3l2wd5HYzbGu3Ie37PodIeocnTa2C/o6PvN+wA4+BYWgZXCdCA5TqVrM+HCwzmF Guc6ALYNklgpxas/4ZP6tcQxMgU8oBQ1+3Ufef46iP/jo9CvFRQ5JystLhHLfVpm BgcILk2rYwwWjE0AEQEAAc1ARGF2aWQgRmVybmFuZGV6IEdvbnphbGV6IDxkYXZp ZC5mZXJuYW5kZXpnb256YWxlekBjYW5vbmljYWwuY29tPsLBFAQTAQoAPhYhBIhm zS6qttOZ5NIT3RltQSE48z9kBQJiJe1dAhsDBQkDwmcABQsJCAcDBRUKCQgLBRYC AwEAAh4BAheAAAoJEBltQSE48z9kbG0MALnqt1PxxnNeDW11/d8nV66k/rweAfYT TqzJ0ikuNDh94AdeuLCsOLfMk64d3KMyswD+i8CaFhkKv2kIlD/QzOku3PBUo4PP +NxKWzCWYG3ZcGApgdhr+y7G59ZvuKxO0xxzbRIQmcnAl1qr6PvHpaSQJ/w1eKMl GTVX5PvZNxVvg3TZ6NQhX1n2gIeqCYo4C9e9aIYCk8w4Gu6NyMiUBuy0ybMkz9JL X4wEeRc2aGuWtSAnOayqTyDpleVy0qCH7tufh1ZL0gNFN8UJptivtmVSjNh5nPwU x+a42iTjU3uVUGZ/UdtTOpruXHAX0zporXYXNFzZUG82Um7mYB8ETx1EribDG7TC ktYEA+XBkfZ6JhGeeKMsLt5GmcfXB/+EoKUZjSsx94kqFNAQe6X4Y/158tZ8Gt3J k2Aj/VBZK7lSbFjIB/jdf6ydhwLRIXsAlVx8i2NYa3SxLZMfKaet8LA/y+GNZxnj GCdRT9eEJOZ62VETYwd+pAPW5BamUv8kW87AzQRiJe1dAQwAp0ywqyunvK5Iwn7T x+tzixODvTgwMc+uNrH3o6+Ra6+Bn+YLmuuOwiScRb+sSErXoDz/LgLF0oIB2ZIs Be+FT0m/eUY3xLiGF8L9DvrRSmePyiiml9rrd1wduuhg6hQw6/ef08WayVEzFWCF 63sqQk18ZKatP3WnOhSd0OT5xOXcW2//NJwFni+cjfnYuUMpVNodCwFQJtEeYSZz zxVEJd4AtfM/ynGznPyYIsybt+fUhDvVEI+neWflpLk9jrJ1XIAhObEWkmgH9KQ3 5VGN7aLVBkxdbz2yCM4Auz8+DnDyksxuvZ3wcsM/eyIPFoBLrh3xNLOrERNqjPR3 MSnEGkt3+dkiQ5LbcvOpittix8Ycc6qdYYL6Gfy4Lfr/VZUWeGrGsVc79C+aqQUe 1dJkqGMTk9CRNaGxUlSyQ5ylcyoNlLusPGO/3zPGBIY7fOlqTVR7LFmfyxHcoCmg EqXxhooeJn2PmTOY6E2Ap5ViYr8akucmO6GPJxHXqgW7qNDdABEBAAHCwPwEGAEK ACYWIQSIZs0uqrbTmeTSE90ZbUEhOPM/ZAUCYiXtXQIbDAUJA8JnAAAKCRAZbUEh OPM/ZODXDACkYliQ7r5w5IbBniu2axcW5j3PGd+G9Cm90oirsd9v35qRxErYXwbP b79gBTMxHGgw+4mIz3F2mzzynZ11joW+0Zr8Vgr3BKSNBS5hz9NfcwkdiubkGsoj jhruNUFtQqBNyQIJh9CfECXq2puYY7H6lu13bBNb49TY6XzyvOni2A5WntQqN+Ap /RkxkLIGnBwi4p06OYs9Atda8IrMv0zXxlzRNEqk1cniNsSyRWHruVvN6nhVuvwF sNM6z7F48B8tTh3iKludMPVL5YgGQeVtN3rXOwPCq3f9Y6G67eJxs7HhQYtuj7Gn c3porYgLw2xOh6BOa6dWby0/adS79+FdycEtlNRKlrLMneEL2Sk1zrKVd0uF96yX VOS0nAHllLod67uFgjT85P2MZWN7dPD6jAhv9rOq9cgOCKB+ulACePOpoXDFzgND w5FGDbZtHYnLrJWyyqnas4ms4pnmJsnHAyDBWYS8a6j82D7NSx/7MrH6bAFl18zK 7/zNmhJ06VU=3D =3DJWgW -----END PGP PUBLIC KEY BLOCK-----
--------------Gt6soehrkswLgjQA0JdmfgDc--
--------------bnm9eO3hPS4zi6cejsv5mTQ4--
--------------hjnZC0JIz3xKRfY5cHytKbY6 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEEiGbNLqq205nk0hPdGW1BITjzP2QFAmKCGe4FAwAAAAAACgkQGW1BITjzP2Rc AQv+NSpAsiaj3DUExO2Phxwjb3zT6aGqbwOrBMxzKZpUkGh1oTQy/oqbHYPrpzZ7EonT8jgjvvGn +BIvikNVvlxYFUUcsjCcx4labTV2YrktIueel384re6fyMy76IhX5C+69MBMh+sY4h1D8Ul9DsGx onvp4OVBiWVm6n4kh1IoXIwlE2bXtZ+/xfZsg65XzDk+UKdkRROU6d8bJANjNw+YDeO766em58bk EGNEYNNyZGPvq5CLPVnIWQI0WzOvE9WPAM4dDJS+NoGPvps1E4LELr7k4kr6+vfnC8YTqqeDtrjH I+hgPnXiuy8aDpqcqvETxpvQBWXA9hwrBSnZpvK+ZDCutmJU9LRVUFKz6UPH9VqJ8yBLuzKvYAB+ xlBY4rOQ0Qd29hQ4PFezFwUCgApH0TSkU4vBNYQ7Cf2FajOrUB1Qc49spNOM/87fqGH2Mh+xvewA WJtTmw+xzbHlUq2BW3OblhF0/w53amTvP1/snJSvzUfzoSlNBKewk6p/J7Db =bQXd -----END PGP SIGNATURE-----
--------------hjnZC0JIz3xKRfY5cHytKbY6--
--===============8210685057822375479== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============8210685057822375479==--
|
|
|
|