Ubuntu alert USN-8345-1 (gdal)
| From: | noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8345-1] GDAL vulnerability | |
| Date: | Fri, 29 May 2026 18:29:45 +0000 | |
| Message-ID: | <E1wT1xp-0000Xm-Pj@lists.ubuntu.com> | |
| Cc: | noreply+usn-bot@canonical.com |
========================================================================== Ubuntu Security Notice USN-8345-1 May 28, 2026 gdal vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: GDAL could be made to crash or run programs if it received specially crafted input. Software Description: - gdal: Geospatial Data Abstraction Library Details: It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS gdal-bin 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libgdal-dev 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libgdal-java 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libgdal-perl 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro libgdal1i 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro python-gdal 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro python3-gdal 1.11.3+dfsg-3ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 14.04 LTS gdal-bin 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro libgdal-dev 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro libgdal-java 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro libgdal-perl 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro libgdal1h 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro python-gdal 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro python3-gdal 1.10.1+dfsg-5ubuntu1+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8345-1 CVE-2025-9900
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoZ1BYACgkQcpJm3tlz hgHxjQ/6AjtyWk+1240xytCv1l8oPwPLXWbKRUkCQtrUWnnWphJaXHs7D34Koq9e MlaBrOjZKpX9LphoZa6DDoAnUV3RKJk8eU0Lf2ZYfMSuEnb2wDFmqnRY682epFus WKJTtzXzkipMFhPAd9a5f0XIfgfWV4pi1gf+O+B55GQ3Y94FGvRu2pdi/jz13hD5 wLTp0KzwxRMrKejSqMb2Xy9XpNetewuvuIHGk8mo+mZ0A6Exi/5boToVZVLja38f g6rXAfdpdl4EgwNsyCzpr2MBrQ4e0lNz4aevPfQ7YAWWmIzy3lOITcJ7PDU9X5bW 0+N+m1eHwChm/I0WcWJOhgFXygS81PsXGN6l6T1OoA/EeNtDYasMZY2U6xqPI9CY kkSIVOQATDce+uBKs3V8KLKIz+VTepa3h7v3NYRGtBzKuj8+7vanWMkpEvnSNaZp ZLATuBwCPB85LKhGmDFMVW9M/7MDVSwYeoUOKDJ2jhFwCFX1BJ5N+HF76+wnHXDg 7t4CM6C85crhBP7hLMs/Z4GSNEKYQXP2UHKxoHBU/JjqvzwZgF74t56y5rwyqxgK ap5zhdkmVytt8IinaHJs2Hz9BVzKfAsRqM2VDzbsOHZSoc68LRxd3JwgOoRDgDIE m90Rw4Ls6O6sVdrJ7CuXw6mUQG7ANo+aEBhQRfPI8C/Rp6mAbps= =SynH -----END PGP SIGNATURE-----