What is the severity of USN-3906-1?

USN-3906-1 is classified as a high-severity vulnerability that can lead to denial of service or arbitrary code execution.

How do I fix USN-3906-1?

To fix USN-3906-1, upgrade the affected packages to the recommended versions specified in the Ubuntu security notice.

What systems are affected by USN-3906-1?

USN-3906-1 affects various versions of Ubuntu, specifically 14.04, 16.04, 18.04, and 18.10 with specific versions of libtiff-tools and libtiff5.

What type of vulnerabilities does USN-3906-1 involve?

USN-3906-1 involves vulnerabilities due to improper handling of malformed images in the LibTIFF library.

Can USN-3906-1 be exploited remotely?

Yes, USN-3906-1 can be exploited remotely if a user is tricked into opening a specially crafted image.

Vulnerability/
USN-3906-1

12/3/2019

USN-3906-1: LibTIFF vulnerabilities

First published: Tue Mar 12 2019(Updated: )

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Affected Software	Affected Version	How to fix
All of
ubuntu/libtiff-tools	<4.0.9-6ubuntu0.2	4.0.9-6ubuntu0.2
Ubuntu OpenSSH Client	=18.10
All of
ubuntu/libtiff5	<4.0.9-6ubuntu0.2	4.0.9-6ubuntu0.2
Ubuntu OpenSSH Client	=18.10
All of
ubuntu/libtiff-tools	<4.0.9-5ubuntu0.2	4.0.9-5ubuntu0.2
Ubuntu OpenSSH Client	=18.04
All of
ubuntu/libtiff5	<4.0.9-5ubuntu0.2	4.0.9-5ubuntu0.2
Ubuntu OpenSSH Client	=18.04
All of
ubuntu/libtiff-tools	<4.0.6-1ubuntu0.6	4.0.6-1ubuntu0.6
Ubuntu OpenSSH Client	=16.04
All of
ubuntu/libtiff5	<4.0.6-1ubuntu0.6	4.0.6-1ubuntu0.6
Ubuntu OpenSSH Client	=16.04
All of
ubuntu/libtiff-tools	<4.0.3-7ubuntu0.11	4.0.3-7ubuntu0.11
Ubuntu OpenSSH Client	=14.04
All of
ubuntu/libtiff5	<4.0.3-7ubuntu0.11	4.0.3-7ubuntu0.11
Ubuntu OpenSSH Client	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-3906-1?
USN-3906-1 is classified as a high-severity vulnerability that can lead to denial of service or arbitrary code execution.
How do I fix USN-3906-1?
To fix USN-3906-1, upgrade the affected packages to the recommended versions specified in the Ubuntu security notice.
What systems are affected by USN-3906-1?
USN-3906-1 affects various versions of Ubuntu, specifically 14.04, 16.04, 18.04, and 18.10 with specific versions of libtiff-tools and libtiff5.
What type of vulnerabilities does USN-3906-1 involve?
USN-3906-1 involves vulnerabilities due to improper handling of malformed images in the LibTIFF library.
Can USN-3906-1 be exploited remotely?
Yes, USN-3906-1 can be exploited remotely if a user is tricked into opening a specially crafted image.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/title
agent/description
agent/first-publish-date
agent/trending
agent/source
agent/event
agent/softwarecombine
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu openssh client
version/ubuntu openssh client/18.10
version/ubuntu openssh client/18.04
version/ubuntu openssh client/16.04
version/ubuntu openssh client/14.04

Frequently Asked Questions

What is the severity of USN-3906-1?
USN-3906-1 is classified as a high-severity vulnerability that can lead to denial of service or arbitrary code execution.
How do I fix USN-3906-1?
To fix USN-3906-1, upgrade the affected packages to the recommended versions specified in the Ubuntu security notice.
What systems are affected by USN-3906-1?
USN-3906-1 affects various versions of Ubuntu, specifically 14.04, 16.04, 18.04, and 18.10 with specific versions of libtiff-tools and libtiff5.
What type of vulnerabilities does USN-3906-1 involve?
USN-3906-1 involves vulnerabilities due to improper handling of malformed images in the LibTIFF library.
Can USN-3906-1 be exploited remotely?
Yes, USN-3906-1 can be exploited remotely if a user is tricked into opening a specially crafted image.

USN-3906-1: LibTIFF vulnerabilities

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

Frequently Asked Questions

What is the severity of USN-3906-1?

How do I fix USN-3906-1?

What systems are affected by USN-3906-1?

What type of vulnerabilities does USN-3906-1 involve?

Can USN-3906-1 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of USN-3906-1?

How do I fix USN-3906-1?

What systems are affected by USN-3906-1?

What type of vulnerabilities does USN-3906-1 involve?

Can USN-3906-1 be exploited remotely?