1.78.0

@cf-buildpacks-eng cf-buildpacks-eng released this 27 Feb 22:22
· 96 commits to main since this release

Notably, this release addresses:

USN-6644-2: LibTIFF vulnerabilities:

  • CVE-2023-52356: A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
  • CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package, where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash.
  • CVE-2023-6277: An out-of-memory flaw was found in libtiff. Passing a crafted TIFF file to the TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB.
-ii  libtiff-dev:amd64 4.3.0-6ubuntu0.7  amd64  Tag Image File Format library (TIFF), development files
-ii  libtiff5:amd64    4.3.0-6ubuntu0.7  amd64  Tag Image File Format (TIFF) library
-ii  libtiffxx5:amd64  4.3.0-6ubuntu0.7  amd64  Tag Image File Format (TIFF) library -- C++ interface
+ii  libtiff-dev:amd64 4.3.0-6ubuntu0.8  amd64  Tag Image File Format library (TIFF), development files
+ii  libtiff5:amd64    4.3.0-6ubuntu0.8  amd64  Tag Image File Format (TIFF) library
+ii  libtiffxx5:amd64  4.3.0-6ubuntu0.8  amd64  Tag Image File Format (TIFF) library -- C++ interface