Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in LibTIFF
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in LibTIFF
ID: USN-5743-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 ESM
Datum: Fr, 25. November 2022, 06:59
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970
Applikationen: libtiff

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3934567821314627935==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------oxmg0wYlG4h0YobxBTuvQHrs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------oxmg0wYlG4h0YobxBTuvQHrs
Content-Type: multipart/mixed;
boundary="------------2OQzTaBjCEG02OfsI2Rw91MM";
protected-headers="v1"
From: Ian Constantin <ian.constantin@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <3a9fa307-d085-1296-facc-069eb632d4cc@canonical.com>
Subject: [USN-5743-1] LibTIFF vulnerability

--------------2OQzTaBjCEG02OfsI2Rw91MM
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5743-1
November 24, 2022

tiff vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

LibTIFF could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a
specially crafted image, a remote attacker could crash the application,
leading to a denial of service, or possibly execute arbitrary code with
user privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libtiff-tools 4.0.6-1ubuntu0.8+esm8
libtiff5 4.0.6-1ubuntu0.8+esm8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5743-1
CVE-2022-3970

--------------2OQzTaBjCEG02OfsI2Rw91MM--

--------------oxmg0wYlG4h0YobxBTuvQHrs
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmN/5R0ACgkQa1+PL+d1
/EiJSwv/WO68jKBaXqW5n6lRDF5HOUBWdsFJj4B7pLD6AdTqV4lO68JwJAXn375j
g8KnUvETUwDfkZ94LmSLB7DVPjpHml1cyi4vh+Yid+Srr2kOtRVasV9MRcLq2JUY
g9a8p+hcCuaSbOg9/IFdcc1vR42S+WUojwtQGpVtHGFkUvzcw05saoI9LQeByt69
5SIipnqmWiljOfhgvfGZgH57t2xMY84pQ+Y/dZlxtHV/v7zg168rA+57twnCi2CL
LdrB2oluWTKEcZ9Ugrr5F3rpYZXUqpIYR8GyWuwK3/+oUXm+L0AptxZy+VOiLROt
Gu7XgSeVPY1CNFUIfsGjyuvdzIfUVy9hCjglIAnTYaw4KEHl0S8aytvB1WNdZADj
m6NdY67KWlQx2288PeAnESwbR4Q7L8cM8MRx2V951+UvH5LyQ/BTeWXEpCKjCJGQ
e5b2H0KMR5KZ44xFsnmuzd58h6BKxQ9ncIOxZHvGII58UbxJ3xVqT3ZIDUk2m24g
bqFl38v4
=vug7
-----END PGP SIGNATURE-----

--------------oxmg0wYlG4h0YobxBTuvQHrs--


--===============3934567821314627935==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============3934567821314627935==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung