drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in LibTIFF (Aktualisierung)
Name: |
Ausführen beliebiger Kommandos in LibTIFF (Aktualisierung) |
|
ID: |
USN-5743-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10 |
|
Datum: |
Do, 1. Dezember 2022, 23:16 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.7 |
|
Applikationen: |
libtiff |
|
Update von: |
Ausführen beliebiger Kommandos in LibTIFF |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============2516719818229394285== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------bziO0B1xD4eEd53Ongn64Vb0"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------bziO0B1xD4eEd53Ongn64Vb0 Content-Type: multipart/mixed; boundary="------------4xsKokdjZOLZOGxU1vXUeHgF"; protected-headers="v1" From: David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <dae1ead7-6684-19dd-eb60-98500a3668a5@canonical.com> Subject: [USN-5743-2] LibTIFF vulnerability
--------------4xsKokdjZOLZOGxU1vXUeHgF Content-Type: multipart/mixed; boundary="------------4cP0kF8bEPwMvVAa3tys9eZC"
--------------4cP0kF8bEPwMvVAa3tys9eZC Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5743-2 December 01, 2022
tiff vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10.
Original advisory details:
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: libtiff-tools 4.4.0-4ubuntu3.2 libtiff5 4.4.0-4ubuntu3.2
Ubuntu 22.04 LTS: libtiff-tools 4.3.0-6ubuntu0.3 libtiff5 4.3.0-6ubuntu0.3
Ubuntu 20.04 LTS: libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.7 libtiff5 4.1.0+git191117-2ubuntu0.20.04.7
Ubuntu 18.04 LTS: libtiff-tools 4.0.9-5ubuntu0.9 libtiff5 4.0.9-5ubuntu0.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5743-2 https://ubuntu.com/security/notices/USN-5743-1 CVE-2022-3970
Package Information: https://launchpad.net/ubuntu/+source/tiff/4.4.0-4ubuntu3.2 https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.3 https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.7 https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.9
--------------4cP0kF8bEPwMvVAa3tys9eZC Content-Type: application/pgp-keys; name="OpenPGP_0x86A73CCF854ECB9A.asc" Content-Disposition: attachment; filename="OpenPGP_0x86A73CCF854ECB9A.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGM0XCwBEAC/1sgU6QaxKU49T3i2BdLteX5GqAJfpwzSr2RBvr6L8W//AoUn gP8z1eiDwutJ62pTf473COZoDXTgdi7R0zT0QCbCZoHo4hVR2VHnfmxOR94XCVSE 1rvO3HF5NVLGVJl2V465y2sz2L2IWTYu1xvY/4FPhtWXLwHJmojmDbuRHF2AmX8A 6ECxYuZAcadLOuQO8mQV95YgVoWmoAjJKb1audHcLA4MRglds7jr9GgYkYWQ38Gk AM9R6DNEbRowxMBCwkj3jVz8r0kO1WOPWP0in1VvGMrlcSIgjaxW/re427CSB2LA 9QwFc+EmOE5PoNWCoAuPa+vhoo7xqTY2Qr2Wvu86PlpWS596RWFzmz5UVan5yhaB qEoEsZc7ZQbS4Qwc7x4teKhk8xQjx6lRsO6g1b4Wlm6S0PcELo1J5zwC+16MSZff eK3zuAdijyNwL2xl8XwShTUxFo/mpyB+W+zDUU8OBudsYwKYSWUbMZzferYlndcv 3atN6ZteWmuPtxHIGkkc5yChs1dsQ1ke1e9sUQA0UCdMVL4awA/LGSlo9ymTvL3Z Qwh05ujgDs09p7AkUFLLDhgS437yxzT46RqYcurDMn27kwTcfd4s2FJZVV90+Dgr z4o6lAjObZXVTsE+E2eLIxlXpfH2g3Nr/1Ipe9VZ5FetTgu32Bd3iRUQ2wARAQAB zUBEYXZpZCBGZXJuYW5kZXogR29uemFsZXogPGRhdmlkLmZlcm5hbmRlemdvbnph bGV6QGNhbm9uaWNhbC5jb20+wsGUBBMBCgA+FiEEZj5eir1e7OtcLCXYhqc8z4VO y5oFAmM0XCwCGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQhqc8 z4VOy5oojA/+MNrpuhfKM5Gm5h9cKMDUysMFfULChDjzQZdkM6Gh9xBFYyidoOq2 jOAs0xEk9vb6WfB+enfxFF1jmSXPISBvdHzoI4NpAoF+tf+e2tuC6TA+hLH/VqK8 yGy9SzChihpBLze6/S3dct6ayPew2lGC+r6gUMs8XiZyTMACoZR4ywt3BolWDGpp 6za7ylFUcJOTecqVRLVDKu5+8JrXSeG/jv1QqYR1ltHdAQVxkvctOVJciOcyIz45 XJkrjFJB/kMNE6sOq2z7lMKIauFZCTaLUVrq0brY4IHtXvsa/2vN6h9bWPFor3KU hVIDhuEdjS4g3ge57+sCYrPGOHXRk+mJrqSd9T1bgLxXOP65kRUhecIRxfTovMTm iifFcAY2Q/iEAn0SMCycmi9SZngaUd+IxYXk0tCfH2Y0q12vMuuuox94+A0t05Vr 0Vej0NiBebB01a90tcJBbIVV09NrOYXDhyDvUCsuineao+CNXKoM3SaNFjOiwZgz yR1t2LcBlGVAQq/gySTE8X4WVIwVknUxcIUcOSzGDMEtd4X0qFv6A0oib/VEzuOz JVE4WqiRCXKRws5j3KMHrNi4Inac/Ew0ph60NctY50xGxQqrHhxIZG9FKb1hM+Ov cX2dy1HrLJwHf4le+Y4Yeobts8alQvJKd9IaVYZcKSt/M0JolPIPKdTOwU0EYzRc LAEQANVn81wr2CkEdUQ0l8A5gN3NOft4P6TBQBvxK+9QW9n1l/JT7Pfa1lvE62xx s+LIceFExzcq1Dfd9qnNBc39qY2XwIwNx7Gz67libTikfYhBO1gtfZ/i8GJuDjLH xOAEBnDVogkE+lnBxfZ0adfldzJ3wKMQUU7LP6+dAmF91hyJO1HOQ5eOntWhbzqW R69kRqlN7Wwd++7TbgqgiPtw6Vreu1BLlovkcImA6TZyJeD5SBN0eApBjWNZ5QCj wd0hTeCUWCu2USBApZQn76ORTIpZ4j573DVvQZq88WsN875Yu2U2pHBQtEYFT8WG Lrk5aNqDeQGw4jxGVvXwJjPOviGhhrzditvUD2L23fh7cTWSQJ6BZHoymLYQk3YZ C19ewaoNsVt1a5WxomZdPspkJLaMyiXVT0tqtcyFDb6ekEZQsziU1egsXbnjXG+l fsJmfv16k0C57EyeQLA66S7WFmjJ8dBmCx2J2WWW7etTbyU356AvZeLAiwMoGY4z ZREemM6s2hdI6eKbartF3u+aQN8k72X8hfgAM3dl0nvfhx22CaqsR0rDk3A0tYS2 QOLnkzXpulEhidStLVLkRJw59eK4vu2CYZ37923vCvTlBctYHiRudTXQUaRQYiA+ jLdWiGiYWm6wN9TybY9GO7RY06Su1aQ2BMN8w3Why3rsRJK1ABEBAAHCwXwEGAEK ACYWIQRmPl6KvV7s61wsJdiGpzzPhU7LmgUCYzRcLAIbDAUJAeEzgAAKCRCGpzzP hU7Lmq0WD/46MGGZbPLp7XFh+rlotr1GBLZ0jwudoT8kkKHRpoMKRt4OZuOBjio7 3bXh74bscu1vmS1b35QvfIfiVrNOmQ8g9794598gpS7izrC/eJfenei93dqnwAMU hEB16dEIbIevZUT3uYHNd6LgCVLdGLeauhAUZrfZ/NLvChw8+8I1Hn3Fhe5ablV7 ZfiOY/h/fC5MChBGH1izOFBkLEEeeAuaOTJKn4EYZFMitD69YGM621vCtC4jkI2g bar8O0U9t3gyAS0WbtDz4UoMhdXOY4LIUH5KvvUby1lJq+LdS39HGvgtI+Exme0P XajNpZBA/axARaUGyulxoz5+Y9InR0b4cIIMXWONVQ1pRglFEw6JrBvLcwS3SCfq LW/p1ADFcLMcYMFQmJh7IYCD14gPreDELq+gmo57qDmHzaCQbh0XZB84qhIfS/cb BFqT+0ccCLiTzAbyJeFAEu10KzLVBdUy/dysfHFevTrurObyK99MD1+6RIvNShds gEMF3sanW3yugha6XoSd855nwiJBOJD8zff201m0IH/Dxzu/EC7zfG/SqoywZnGR +N4bNLderqMXCgcyTcaLopQgExFMQoUmlRSHUGgPx5uXRkoTqY1V24c33lHp6G9G GVCAGQawnWBNaJmlqoUcbIueao+hlICYiwhG/ZIP9jUceNt1LyJi9A=3D=3D =3DRGXl -----END PGP PUBLIC KEY BLOCK-----
--------------4cP0kF8bEPwMvVAa3tys9eZC--
--------------4xsKokdjZOLZOGxU1vXUeHgF--
--------------bziO0B1xD4eEd53Ongn64Vb0 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEZj5eir1e7OtcLCXYhqc8z4VOy5oFAmOI6IcFAwAAAAAACgkQhqc8z4VOy5o5 IhAAsB2Ds8aR9rvxFKpaG2DLpVklMF7UQKmbiDlx+pogipf9T2biQo5dQyn2UU/qxhvW+A868p34 5uo5cSN1kJDPC9JgXvUzZCi2Ma2irsgqKweszxi2UfXptSCI3C1gPU/4qr53cxaKJaRxYXb53vz1 OfZWK1hustDHKh2OAvupwYpNnU0gfcaLZPnbgjjTttPD1eSTDuO/Mc8qqq/Uz+GDOuxGYr82sUHK dE3eWJhD3eGe/Sw+EFwJ6/g1oDGrqB0l3pjF19eoAAZg8PELSIV9MX4mF25pJBxlbuI306Kho4EK d97KUWLIxC5KbLh6xaMVRnywAw4SkV0QgpvKyOQ/jTLAxee+ukWViSTFlTEFqwKNfsV2g7NSqXyD vHu7s/kp3HlrfwGjklDHEUMZqs6rmRZwBFsZ9y7pS/Wf8uSHLMLTCvdWvUMPnLFdv8f6OZy5Ie2M d+Ilz7qeZ3JsuB6MODPZ5AtFK7sY/sYvHRq481KVTCyk2OLHNQMI7j7mMavHGYy3n07f3bYjhkZi S7KfII5JizOlTKIkzA97cUZvJuq0edRVWY+G8crE+injZf9pEY11hZElZoedykNntUq6+NQSkIJk zmzAfdBLEXMXbVggaYpQB6WMi0otEN8ntLitMkj2JudDUlbjcUq0EXIwSSKT0bVLqHfjFavkalhP MvE= =xYLq -----END PGP SIGNATURE-----
--------------bziO0B1xD4eEd53Ongn64Vb0--
--===============2516719818229394285== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============2516719818229394285==--
|
|
|
|