USN-3906-1: LibTIFF vulnerabilities | Cloud Foundry

2019-03-21T00:00:00
ID CFOUNDRY:417EF7E80F130AEB92D7C1BE6AE5436F
Type cloudfoundry
Reporter Cloud Foundry
Modified 2019-03-21T00:00:00

Description

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04
  • Canonical Ubuntu 18.04

Description

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

CVEs contained in this USN include: CVE-2018-10779, CVE-2018-12900, CVE-2018-17000, CVE-2018-19210, CVE-2019-6128, CVE-2019-7663

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • All versions of Cloud Foundry cflinuxfs2 prior to 1.274.0
  • All versions of Cloud Foundry cflinuxfs3 prior to 0.71.0

Mitigation

Users of affected products are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.274.0 or later.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.71.0 or later.
