Nov 08, 2016 - 12:00 a.m.

SOL35155453 - Multiple LibTIFF vulnerabilities

2016-11-08 00:00:00
support.f5.com

CVSS3: 8.8 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.052 Low (Percentile: 92.2%)

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

To mitigate the risk posed by this vulnerability, you can ensure that TIFF file processing via BIG-IP AAM or WebAccelerator policies is disabled, or ensure that TIFF files processed by BIG-IP AAM and WebAccelerator cannot be modified by attackers.

Impact of action: Performing the suggested mitigation should not have a negative impact on your system.

For more information about disabling image optimization, refer to:

  • BIG-IP AAM: The Accelerating Images with Image Optimization chapter of the _BIG-IP Acceleration Implementations_ guide
  • BIG-IP WebAccelerator: The Accelerating Images with Image Optimization chapter of the _BIG-IP WebAccelerator System Implementations_ guide

Note: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4602: Overview of the F5 security vulnerability response policy
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
  • SOL9502: BIG-IP hotfix matrix
