drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in LibTIFF
Name: |
Ausführen beliebiger Kommandos in LibTIFF |
|
ID: |
USN-5743-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 16.04 ESM |
|
Datum: |
Fr, 25. November 2022, 06:59 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970 |
|
Applikationen: |
libtiff |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============3934567821314627935== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------oxmg0wYlG4h0YobxBTuvQHrs"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------oxmg0wYlG4h0YobxBTuvQHrs Content-Type: multipart/mixed; boundary="------------2OQzTaBjCEG02OfsI2Rw91MM"; protected-headers="v1" From: Ian Constantin <ian.constantin@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <3a9fa307-d085-1296-facc-069eb632d4cc@canonical.com> Subject: [USN-5743-1] LibTIFF vulnerability
--------------2OQzTaBjCEG02OfsI2Rw91MM Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5743-1 November 24, 2022
tiff vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: libtiff-tools 4.0.6-1ubuntu0.8+esm8 libtiff5 4.0.6-1ubuntu0.8+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5743-1 CVE-2022-3970
--------------2OQzTaBjCEG02OfsI2Rw91MM--
--------------oxmg0wYlG4h0YobxBTuvQHrs Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmN/5R0ACgkQa1+PL+d1 /EiJSwv/WO68jKBaXqW5n6lRDF5HOUBWdsFJj4B7pLD6AdTqV4lO68JwJAXn375j g8KnUvETUwDfkZ94LmSLB7DVPjpHml1cyi4vh+Yid+Srr2kOtRVasV9MRcLq2JUY g9a8p+hcCuaSbOg9/IFdcc1vR42S+WUojwtQGpVtHGFkUvzcw05saoI9LQeByt69 5SIipnqmWiljOfhgvfGZgH57t2xMY84pQ+Y/dZlxtHV/v7zg168rA+57twnCi2CL LdrB2oluWTKEcZ9Ugrr5F3rpYZXUqpIYR8GyWuwK3/+oUXm+L0AptxZy+VOiLROt Gu7XgSeVPY1CNFUIfsGjyuvdzIfUVy9hCjglIAnTYaw4KEHl0S8aytvB1WNdZADj m6NdY67KWlQx2288PeAnESwbR4Q7L8cM8MRx2V951+UvH5LyQ/BTeWXEpCKjCJGQ e5b2H0KMR5KZ44xFsnmuzd58h6BKxQ9ncIOxZHvGII58UbxJ3xVqT3ZIDUk2m24g bqFl38v4 =vug7 -----END PGP SIGNATURE-----
--------------oxmg0wYlG4h0YobxBTuvQHrs--
--===============3934567821314627935== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============3934567821314627935==--
|
|
|
|