What is the severity of USN-3864-1?

The vulnerability USN-3864-1 is classified as critical due to its potential for denial of service or arbitrary code execution.

How do I fix USN-3864-1?

To fix USN-3864-1, upgrade the affected libtiff packages to the versions provided in the Ubuntu security advisory.

Which versions of Ubuntu are affected by USN-3864-1?

USN-3864-1 affects Ubuntu versions 14.04, 16.04, 18.04, and 18.10.

What type of attack does USN-3864-1 enable?

USN-3864-1 enables remote attackers to cause a denial of service or potentially execute arbitrary code via specially crafted images.

What is the background of the vulnerability USN-3864-1?

USN-3864-1 is related to inadequate handling of malformed images by the LibTIFF library.

Vulnerability/
USN-3864-1

22/1/2019

USN-3864-1: LibTIFF vulnerabilities

First published: Tue Jan 22 2019(Updated: )

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Affected Software	Affected Version	How to fix
All of
ubuntu/libtiff-tools	<4.0.9-6ubuntu0.1	4.0.9-6ubuntu0.1
Ubuntu OpenSSH Client	=18.10
All of
ubuntu/libtiff5	<4.0.9-6ubuntu0.1	4.0.9-6ubuntu0.1
Ubuntu OpenSSH Client	=18.10
All of
ubuntu/libtiff-tools	<4.0.9-5ubuntu0.1	4.0.9-5ubuntu0.1
Ubuntu OpenSSH Client	=18.04
All of
ubuntu/libtiff5	<4.0.9-5ubuntu0.1	4.0.9-5ubuntu0.1
Ubuntu OpenSSH Client	=18.04
All of
ubuntu/libtiff-tools	<4.0.6-1ubuntu0.5	4.0.6-1ubuntu0.5
Ubuntu OpenSSH Client	=16.04
All of
ubuntu/libtiff5	<4.0.6-1ubuntu0.5	4.0.6-1ubuntu0.5
Ubuntu OpenSSH Client	=16.04
All of
ubuntu/libtiff-tools	<4.0.3-7ubuntu0.10	4.0.3-7ubuntu0.10
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/libtiff5	<4.0.3-7ubuntu0.10	4.0.3-7ubuntu0.10
Ubuntu OpenSSH Client	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-3864-1?
The vulnerability USN-3864-1 is classified as critical due to its potential for denial of service or arbitrary code execution.
How do I fix USN-3864-1?
To fix USN-3864-1, upgrade the affected libtiff packages to the versions provided in the Ubuntu security advisory.
Which versions of Ubuntu are affected by USN-3864-1?
USN-3864-1 affects Ubuntu versions 14.04, 16.04, 18.04, and 18.10.
What type of attack does USN-3864-1 enable?
USN-3864-1 enables remote attackers to cause a denial of service or potentially execute arbitrary code via specially crafted images.
What is the background of the vulnerability USN-3864-1?
USN-3864-1 is related to inadequate handling of malformed images by the LibTIFF library.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu openssh client
version/ubuntu openssh client/18.10
version/ubuntu openssh client/18.04
version/ubuntu openssh client/16.04
version/ubuntu openssh client/14.04

Frequently Asked Questions

What is the severity of USN-3864-1?
The vulnerability USN-3864-1 is classified as critical due to its potential for denial of service or arbitrary code execution.
How do I fix USN-3864-1?
To fix USN-3864-1, upgrade the affected libtiff packages to the versions provided in the Ubuntu security advisory.
Which versions of Ubuntu are affected by USN-3864-1?
USN-3864-1 affects Ubuntu versions 14.04, 16.04, 18.04, and 18.10.
What type of attack does USN-3864-1 enable?
USN-3864-1 enables remote attackers to cause a denial of service or potentially execute arbitrary code via specially crafted images.
What is the background of the vulnerability USN-3864-1?
USN-3864-1 is related to inadequate handling of malformed images by the LibTIFF library.

USN-3864-1: LibTIFF vulnerabilities

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the severity of USN-3864-1?

How do I fix USN-3864-1?

Which versions of Ubuntu are affected by USN-3864-1?

What type of attack does USN-3864-1 enable?

What is the background of the vulnerability USN-3864-1?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of USN-3864-1?

How do I fix USN-3864-1?

Which versions of Ubuntu are affected by USN-3864-1?

What type of attack does USN-3864-1 enable?

What is the background of the vulnerability USN-3864-1?