USN-6827-1: LibTIFF vulnerability
Severity
low
Vendor
VMware Tanzu
Versions Affected
- Cflinuxfs3
- Cflinuxfs4
Description
It was discovered that LibTIFF incorrectly handled memory when performing certain cropping operations, leading to a heap buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-6827-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-doc - 4.0.6-1ubuntu0.8+esm16 libtiff-opengl - 4.0.6-1ubuntu0.8+esm16 libtiff-tools - 4.0.6-1ubuntu0.8+esm16 libtiff5 - 4.0.6-1ubuntu0.8+esm16 libtiff5-dev - 4.0.6-1ubuntu0.8+esm16 libtiffxx5 - 4.0.6-1ubuntu0.8+esm16 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.
Fixed VMware Products and Versions
- Cflinuxfs3
- 0.390.0 or greater
- Cflinuxfs4
- 1.99.0 or greater
- Operations Manager Image
- 2.7.25 or greater
- 2.8.16 or greater
- 2.9.12 or greater
- 2.10.3 or greater
- Tanzu Greenplum for Kubernetes
- 2.0.0 or greater
- Operations Manager
- 2.7.25 or greater
- 2.8.16 or greater
- 2.9.12 or greater
- 2.10.3 or greater
- CF Deployment
- 41.0.0 or greater
References
https://ubuntu.com/security/notices/USN-6827-1
https://www.cloudfoundry.org/blog/usn-6827-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6827-1
History
2024-06-11: Initial vulnerability report published.