Headline
Ubuntu Security Notice USN-6290-1
Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
==========================================================================Ubuntu Security Notice USN-6290-1August 15, 2023tiff vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)- Ubuntu 14.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in LibTIFF.Software Description:- tiff: Tag Image File Format (TIFF) libraryDetails:It was discovered that LibTIFF could be made to write out of bounds whenprocessing certain malformed image files with the tiffcrop utility. If auser were tricked into opening a specially crafted image file, an attackercould possibly use this issue to cause tiffcrop to crash, resulting in adenial of service, or possibly execute arbitrary code. This issue onlyaffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.(CVE-2022-48281)It was discovered that LibTIFF incorrectly handled certain image files. Ifa user were tricked into opening a specially crafted image file, anattacker could possibly use this issue to cause a denial of service. Thisissue only affected Ubuntu 23.04. (CVE-2023-2731)It was discovered that LibTIFF incorrectly handled certain image fileswith the tiffcp utility. If a user were tricked into opening a speciallycrafted image file, an attacker could possibly use this issue to causetiffcp to crash, resulting in a denial of service. (CVE-2023-2908)It was discovered that LibTIFF incorrectly handled certain file paths. Ifa user were tricked into specifying certain output paths, an attackercould possibly use this issue to cause a denial of service. This issueonly affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-3316)It was discovered that LibTIFF could be made to write out of bounds whenprocessing certain malformed image files. If a user were tricked intoopening a specially crafted image file, an attacker could possibly usethis issue to cause a denial of service, or possibly execute arbitrarycode. (CVE-2023-3618)It was discovered that LibTIFF could be made to write out of bounds whenprocessing certain malformed image files. If a user were tricked intoopening a specially crafted image file, an attacker could possibly usethis issue to cause a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, andUbuntu 23.04. (CVE-2023-25433, CVE-2023-26966)It was discovered that LibTIFF did not properly managed memory whenprocessing certain malformed image files with the tiffcrop utility. If auser were tricked into opening a specially crafted image file, an attackercould possibly use this issue to cause tiffcrop to crash, resulting in adenial of service, or possibly execute arbitrary code. This issue onlyaffected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.(CVE-2023-26965)It was discovered that LibTIFF contained an arithmetic overflow. If a userwere tricked into opening a specially crafted image file, an attackercould possibly use this issue to cause a denial of service.(CVE-2023-38288, CVE-2023-38289)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04: libtiff-tools 4.5.0-5ubuntu1.1 libtiff6 4.5.0-5ubuntu1.1Ubuntu 22.04 LTS: libtiff-tools 4.3.0-6ubuntu0.5 libtiff5 4.3.0-6ubuntu0.5Ubuntu 20.04 LTS: libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.9 libtiff5 4.1.0+git191117-2ubuntu0.20.04.9Ubuntu 18.04 LTS (Available with Ubuntu Pro): libtiff-tools 4.0.9-5ubuntu0.10+esm2 libtiff5 4.0.9-5ubuntu0.10+esm2Ubuntu 16.04 LTS (Available with Ubuntu Pro): libtiff-tools 4.0.6-1ubuntu0.8+esm12 libtiff5 4.0.6-1ubuntu0.8+esm12Ubuntu 14.04 LTS (Available with Ubuntu Pro): libtiff-tools 4.0.3-7ubuntu0.11+esm9 libtiff5 4.0.3-7ubuntu0.11+esm9In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6290-1 CVE-2022-48281, CVE-2023-25433, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-2908, CVE-2023-3316, CVE-2023-3618, CVE-2023-38288, CVE-2023-38289Package Information: https://launchpad.net/ubuntu/+source/tiff/4.5.0-5ubuntu1.1 https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.5https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.9
Related news
Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...
Red Hat Security Advisory 2023-4893-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
Red Hat Security Advisory 2023-4289-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
OpenShift API for Data Protection (OADP) 1.0.11 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service
Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service
Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service
Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service. * CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
A null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.
Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.