This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.274.0
cf-buildpacks-eng released this 12 Mar 20:21
Notably, this release addresses:
USN-3906-1: LibTIFF vulnerabilities:
- CVE-2018-10779: TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
- CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
- CVE-2018-17000: A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
- CVE-2018-19210: In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
- CVE-2019-6128: The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
- CVE-2019-7663: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
-ii libtiff5:amd64 4.0.3-7ubuntu0.10 amd64 Tag Image File Format (TIFF) library
-ii libtiff5-dev:amd64 4.0.3-7ubuntu0.10 amd64 Tag Image File Format library (TIFF), development files
-ii libtiffxx5:amd64 4.0.3-7ubuntu0.10 amd64 Tag Image File Format (TIFF) library -- C++ interface
+ii libtiff5:amd64 4.0.3-7ubuntu0.11 amd64 Tag Image File Format (TIFF) library
+ii libtiff5-dev:amd64 4.0.3-7ubuntu0.11 amd64 Tag Image File Format library (TIFF), development files
+ii libtiffxx5:amd64 4.0.3-7ubuntu0.11 amd64 Tag Image File Format (TIFF) library -- C++ interface