USN-3212-1: LibTIFF vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu 14.04
Description
It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Affected Cloud Foundry Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry cflinuxfs2 prior to 1.104.0
Mitigation
OSS users are strongly encouraged to follow one of the mitigations below:
- The Cloud Foundry project recommends that Cloud Foundry deployments fun with cflinuxfs2 versions 1.104.0 or later.
References
- https://www.ubuntu.com/usn/usn-3212-1/
- CVE-2015-7554
- CVE-2015-8668
- CVE-2016-10092
- CVE-2016-10093
- CVE-2016-10094
- CVE-2016-3622
- CVE-2016-3623
- CVE-2016-3624
- CVE-2016-3632
- CVE-2016-3658
- CVE-2016-3945
- CVE-2016-3990
- CVE-2016-3991
- CVE-2016-5314
- CVE-2016-5315
- CVE-2016-5316
- CVE-2016-5317
- CVE-2016-5320
- CVE-2016-5321
- CVE-2016-5322
- CVE-2016-5323
- CVE-2016-5652
- CVE-2016-5875
- CVE-2016-6223
- CVE-2016-8331
- CVE-2016-9273
- CVE-2016-9297
- CVE-2016-9448
- CVE-2016-9453
- CVE-2016-9532
- CVE-2016-9533
- CVE-2016-9534
- CVE-2016-9535
- CVE-2016-9536
- CVE-2016-9537
- CVE-2016-9538
- CVE-2016-9539
- CVE-2016-9540
- CVE-2017-5225
