This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <a8b46382-4d13-0e51-2653-5a32428f09a1@canonical.com>
Subject: [USN-3602-1] LibTIFF vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3602-1
March 20, 2018

tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  libtiff-tools                   4.0.6-1ubuntu0.3
  libtiff5                        4.0.6-1ubuntu0.3

Ubuntu 14.04 LTS:
  libtiff-tools                   4.0.3-7ubuntu0.8
  libtiff5                        4.0.3-7ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
  https://usn.ubuntu.com/usn/usn-3602-1
  CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269,
  CVE-2016-10371, CVE-2017-10688, CVE-2017-11335, CVE-2017-12944,
  CVE-2017-13726, CVE-2017-13727, CVE-2017-18013, CVE-2017-7592,
  CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
  CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
  CVE-2017-7601, CVE-2017-7602, CVE-2017-9403, CVE-2017-9404,
  CVE-2017-9815, CVE-2017-9936, CVE-2018-5784

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.3
  https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.8