
Security: Multiple issues in libtiff
Name: Multiple issues in libtiff
ID: USN-3602-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Date: Tue, 20 March 2018, 23:51
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784
Applications: libtiff

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <a8b46382-4d13-0e51-2653-5a32428f09a1@canonical.com>
Subject: [USN-3602-1] LibTIFF vulnerabilities

==========================================================================
Ubuntu Security Notice USN-3602-1
March 20, 2018

tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.3
libtiff5 4.0.6-1ubuntu0.3

Ubuntu 14.04 LTS:
libtiff-tools 4.0.3-7ubuntu0.8
libtiff5 4.0.3-7ubuntu0.8

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3602-1
CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269,
CVE-2016-10371, CVE-2017-10688, CVE-2017-11335, CVE-2017-12944,
CVE-2017-13726, CVE-2017-13727, CVE-2017-18013, CVE-2017-7592,
CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
CVE-2017-7601, CVE-2017-7602, CVE-2017-9403, CVE-2017-9404,
CVE-2017-9815, CVE-2017-9936, CVE-2018-5784

Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.8

