Cloud Foundry Logo

USN-3212-2: LibTIFF regression


Share

USN-3212-2: LibTIFF regression

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

USN-3212-1 fixed vulnerabilities in LibTIFF. Unfortunately, some of the security patches were misapplied, which caused a regression when processing certain images. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Affected Cloud Foundry Products and Versions

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.125.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.125.0 or later.

References

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES