Ubuntu Security Notice 5421-1 - It was discovered that LibTIFF incorrectly handled certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Chintan Shah discovered that LibTIFF incorrectly handled memory when handling certain images. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5421-1
May 16, 2022
tiff vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in LibTIFF.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-35522)

Chintan Shah discovered that LibTIFF incorrectly handled memory when
handling certain images. An attacker could possibly use this issue to
cause a crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-0561, CVE-2022-0562, CVE-2022-0891)

It was discovered that LibTIFF incorrectly handled certain images.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service. This issue only affects
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2022-0865)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  libtiff-tools 4.3.0-1ubuntu0.1
  libtiff5 4.3.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.3
  libtiff5 4.1.0+git191117-2ubuntu0.20.04.3

Ubuntu 18.04 LTS:
  libtiff-tools 4.0.9-5ubuntu0.5
  libtiff5 4.0.9-5ubuntu0.5

Ubuntu 16.04 ESM:
  libtiff-tools 4.0.6-1ubuntu0.8+esm1
  libtiff5 4.0.6-1ubuntu0.8+esm1

Ubuntu 14.04 ESM:
  libtiff-tools 4.0.3-7ubuntu0.11+esm1
  libtiff5 4.0.3-7ubuntu0.11+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5421-1
  CVE-2020-35522, CVE-2022-0561, CVE-2022-0562, CVE-2022-0865,
  CVE-2022-0891

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.3.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.3
  https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.5