0.30.0
Notably, this release addresses:
USN-5619-1: LibTIFF vulnerabilities:
- CVE-2020-19131: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
- CVE-2020-19144: Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
- CVE-2022-1354: A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
- CVE-2022-1355: A stack buffer overflow flaw was found in Libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
- CVE-2022-2058: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
- CVE-2022-2056: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
- CVE-2022-2057: Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
-ii gcc-12-base:amd64 12-20220319-1ubuntu1 amd64 GCC, the GNU Compiler Collection (base package)
+ii gcc-12-base:amd64 12.1.0-2ubuntu1~22.04 amd64 GCC, the GNU Compiler Collection (base package)
-ii libatomic1:amd64 12-20220319-1ubuntu1 amd64 support library providing __atomic built-in functions
+ii libatomic1:amd64 12.1.0-2ubuntu1~22.04 amd64 support library providing __atomic built-in functions
-ii libcc1-0:amd64 12-20220319-1ubuntu1 amd64 GCC cc1 plugin for GDB
+ii libcc1-0:amd64 12.1.0-2ubuntu1~22.04 amd64 GCC cc1 plugin for GDB
-ii libgcc-s1:amd64 12-20220319-1ubuntu1 amd64 GCC support library
+ii libgcc-s1:amd64 12.1.0-2ubuntu1~22.04 amd64 GCC support library
-ii libgfortran5:amd64 12-20220319-1ubuntu1 amd64 Runtime library for GNU Fortran applications
+ii libgfortran5:amd64 12.1.0-2ubuntu1~22.04 amd64 Runtime library for GNU Fortran applications
-ii libgomp1:amd64 12-20220319-1ubuntu1 amd64 GCC OpenMP (GOMP) support library
+ii libgomp1:amd64 12.1.0-2ubuntu1~22.04 amd64 GCC OpenMP (GOMP) support library
-ii libitm1:amd64 12-20220319-1ubuntu1 amd64 GNU Transactional Memory Library
+ii libitm1:amd64 12.1.0-2ubuntu1~22.04 amd64 GNU Transactional Memory Library
-ii liblsan0:amd64 12-20220319-1ubuntu1 amd64 LeakSanitizer -- a memory leak detector (runtime)
+ii liblsan0:amd64 12.1.0-2ubuntu1~22.04 amd64 LeakSanitizer -- a memory leak detector (runtime)
-ii libquadmath0:amd64 12-20220319-1ubuntu1 amd64 GCC Quad-Precision Math Library
+ii libquadmath0:amd64 12.1.0-2ubuntu1~22.04 amd64 GCC Quad-Precision Math Library
-ii libstdc++6:amd64 12-20220319-1ubuntu1 amd64 GNU Standard C++ Library v3
+ii libstdc++6:amd64 12.1.0-2ubuntu1~22.04 amd64 GNU Standard C++ Library v3
-ii libtiff-dev:amd64 4.3.0-6 amd64 Tag Image File Format library (TIFF), development files
-ii libtiff5:amd64 4.3.0-6 amd64 Tag Image File Format (TIFF) library
-ii libtiffxx5:amd64 4.3.0-6 amd64 Tag Image File Format (TIFF) library -- C++ interface
+ii libtiff-dev:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format library (TIFF), development files
+ii libtiff5:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format (TIFF) library
+ii libtiffxx5:amd64 4.3.0-6ubuntu0.1 amd64 Tag Image File Format (TIFF) library -- C++ interface
-ii libubsan1:amd64 12-20220319-1ubuntu1 amd64 UBSan -- undefined behaviour sanitizer (runtime)
+ii libubsan1:amd64 12.1.0-2ubuntu1~22.04 amd64 UBSan -- undefined behaviour sanitizer (runtime)
-ii vim-common 2:8.2.3995-1ubuntu2 all Vi IMproved - Common files
-ii vim-tiny 2:8.2.3995-1ubuntu2 amd64 Vi IMproved - enhanced vi editor - compact version
+ii vim-common 2:8.2.3995-1ubuntu2.1 all Vi IMproved - Common files
+ii vim-tiny 2:8.2.3995-1ubuntu2.1 amd64 Vi IMproved - enhanced vi editor - compact version
-ii xxd 2:8.2.3995-1ubuntu2 amd64 tool to make (or reverse) a hex dump
+ii xxd 2:8.2.3995-1ubuntu2.1 amd64 tool to make (or reverse) a hex dump
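Review bot: the vim-common, vim-tiny and xxd bumps (2:8.2.3995-1ubuntu2 to 2:8.2.3995-1ubuntu2.1) at the end of this package diff, and the gcc-12 runtime bumps (12-20220319-1ubuntu1 to 12.1.0-2ubuntu1~22.04) at its start, are not explained by the notes above, which cite only USN-5619-1 for the libtiff packages. If the vim change is also a security update, name its advisory alongside USN-5619-1; otherwise state that these are routine package refreshes, so readers can tell which of the changed packages are security-relevant.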