Support Content Notification - Support Portal

USN-6644-1: LibTIFF vulnerabilities

Product/Component

Isolation Segment

3 more products

Notification Id

24842

Last Updated

25 July 2024

Initial Publication Date

25 July 2024

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2023-52356;CVE-2023-6228;CVE-2023-6277

Severity

medium

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 18.04

It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. (CVE-2023-52356) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-6228) It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service. (CVE-2023-6277) Update Instructions: Run `sudo pro fix USN-6644-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtiff-opengl - 4.0.6-1ubuntu0.8+esm15 libtiffxx5 - 4.0.6-1ubuntu0.8+esm15 libtiff5-dev - 4.0.6-1ubuntu0.8+esm15 libtiff5 - 4.0.6-1ubuntu0.8+esm15 libtiff-tools - 4.0.6-1ubuntu0.8+esm15 libtiff-doc - 4.0.6-1ubuntu0.8+esm15 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed and Unaffected VMware Products and Versions