[ubuntu/jammy-security] tiff 4.3.0-6ubuntu0.8 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Tue Feb 27 18:24:59 UTC 2024
tiff (4.3.0-6ubuntu0.8) jammy-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
Date: 2024-02-16 22:35:09.939507+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list