SOL35155453 - Multiple LibTIFF vulnerabilities

2016-11-08T00:00:00
ID SOL35155453
Type f5
Reporter f5
Modified 2016-11-08T00:00:00

Description

Vulnerability Recommended Actions

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

Mitigation

To mitigate the risk posed by this vulnerability, you can ensure that TIFF file processing via BIG-IP AAM or WebAccelerator policies is disabled, or ensure that TIFF files processed by BIG-IP AAM and WebAccelerator cannot be modified by attackers.

Impact of action: Performing the suggested mitigation should not have a negative impact on your system.

For more information about disabling image optimization, refer to:

  • BIG-IP AAM: The Accelerating Images with Image Optimization chapter of the _BIG-IP Acceleration Implementations _guide
  • BIG-IP WebAccelerator: The Accelerating Images with Image Optimization chapter of the _BIG-IP WebAccelerator System Implementations _guide

Note: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.

Supplemental Information

  • SOL9970: Subscribing to email notifications regarding F5 products
  • SOL9957: Creating a custom RSS feed to view new and updated documents
  • SOL4602: Overview of the F5 security vulnerability response policy
  • SOL4918: Overview of the F5 critical issue hotfix policy
  • SOL167: Downloading software and firmware from F5
  • SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)
  • SOL9502: BIG-IP hotfix matrix