Ubuntu Security Notice USN-6997-1
Ubuntu Security Notice 6997-1 - It was discovered that LibTIFF incorrectly handled memory. An attacker could possibly use this issue to cause the application to crash, resulting in a denial of service.
==========================================================================
Ubuntu Security Notice USN-6997-1
September 09, 2024
tiff vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
LibTIFF could be made to crash if it received specially crafted input.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled memory. An attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
  libtiff6 4.5.1+git230720-4ubuntu2.2

Ubuntu 22.04 LTS
  libtiff5 4.3.0-6ubuntu0.10

Ubuntu 20.04 LTS
  libtiff5 4.1.0+git191117-2ubuntu0.20.04.14

Ubuntu 18.04 LTS
  libtiff5 4.0.9-5ubuntu0.10+esm7
  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libtiff5 4.0.6-1ubuntu0.8+esm17
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
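
To audit a package inventory against the fixed versions listed above, the following added example (not part of the notice) compares installed versions using Debian's version ordering, which a plain string comparison gets wrong for pairs such as `0.9` and `0.10` or `+esm9` and `+esm17`. The host names and inventory rows are constructed for illustration, and the comparison is a re-implementation of dpkg's rules so it can run on a machine without dpkg.

```python
import re

# Fixed versions per Ubuntu release, copied from the notice's table.
FIXED = {
    "24.04": ("libtiff6", "4.5.1+git230720-4ubuntu2.2"),
    "22.04": ("libtiff5", "4.3.0-6ubuntu0.10"),
    "20.04": ("libtiff5", "4.1.0+git191117-2ubuntu0.20.04.14"),
    "18.04": ("libtiff5", "4.0.9-5ubuntu0.10+esm7"),
    "16.04": ("libtiff5", "4.0.6-1ubuntu0.8+esm17"),
}

_sign = lambda x, y: (x > y) - (x < y)

def _order(ch):
    # dpkg ordering: '~' < end of string < letters < other symbols.
    if ch in ("", "~"):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate: non-digit run compared per character, digit run compared as a number.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        da, db = re.match(r"[0-9]*", a[len(na):]).group(), re.match(r"[0-9]*", b[len(nb):]).group()
        a, b = a[len(na) + len(da):], b[len(nb) + len(db):]
        for i in range(max(len(na), len(nb))):
            if _order(na[i:i + 1]) != _order(nb[i:i + 1]):
                return _sign(_order(na[i:i + 1]), _order(nb[i:i + 1]))
        if int(da or 0) != int(db or 0):
            return _sign(int(da or 0), int(db or 0))
    return 0

def deb_cmp(a, b):
    # Returns -1, 0 or 1: epoch first, then upstream version, then Debian revision.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        return (int(epoch), *(rest.rsplit("-", 1) if "-" in rest else (rest, "")))
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(release, package, installed):
    # True when the package is the one named for that release and is older than the fix.
    pkg, fixed = FIXED.get(release, (None, ""))
    return package == pkg and deb_cmp(installed, fixed) < 0

# Constructed inventory rows: host, Ubuntu release, package, installed version.
INVENTORY = [("web1", "22.04", "libtiff5", "4.3.0-6ubuntu0.9"),
             ("old1", "16.04", "libtiff5", "4.0.6-1ubuntu0.8+esm17")]
STALE = [h for h, rel, pkg, ver in INVENTORY if needs_update(rel, pkg, ver)]
```

On an Ubuntu host itself, `dpkg --compare-versions` performs the same comparison against the locally installed version.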
References:
https://ubuntu.com/security/notices/USN-6997-1
CVE-2024-7006
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.2
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.10
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.14