========================================================================== Ubuntu Security Notice USN-3606-1 March 26, 2018 tiff vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - tiff: Tag Image File Format (TIFF) library Details: It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: libtiff-tools 4.0.8-5ubuntu0.1 libtiff5 4.0.8-5ubuntu0.1 Ubuntu 16.04 LTS: libtiff-tools 4.0.6-1ubuntu0.4 libtiff5 4.0.6-1ubuntu0.4 Ubuntu 14.04 LTS: libtiff-tools 4.0.3-7ubuntu0.9 libtiff5 4.0.3-7ubuntu0.9 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3606-1 CVE-2016-3186, CVE-2016-5102, CVE-2016-5318, CVE-2017-11613, CVE-2017-12944, CVE-2017-17095, CVE-2017-18013, CVE-2017-5563, CVE-2017-9117, CVE-2017-9147, CVE-2017-9935, CVE-2018-5784 Package Information: https://launchpad.net/ubuntu/+source/tiff/4.0.8-5ubuntu0.1 https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.4 https://launchpad.net/ubuntu/+source/tiff/4.0.3-7ubuntu0.9