Details
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.