AXSA:2019-4119:01

Release date: 
Tuesday, August 20, 2019 - 01:39
Subject: 
compat-libtiff3-3.9.4-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The compat-libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF (Tagged Image File Format) image format files.

Security Fix(es):

* libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-7456
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. compat-libtiff3-3.9.4-12.el7.src.rpm
    MD5: a533c5bf75d22b85f83af000f1244b5d
    SHA-256: a8f3cbb610ec931d3a66dd5623701cb7f435ac35100e788a9be0e9ba9c0789a1
    Size: 1.40 MB

Asianux Server 7 for x86_64
  1. compat-libtiff3-3.9.4-12.el7.x86_64.rpm
    MD5: cd26515bd2d0e2d6614a3470a7c1a18d
    SHA-256: 857b3ae0af342b9bd124a9cebf4808c2ab554cb91372884dc887f3e2fda7a9a4
    Size: 133.94 kB
  2. compat-libtiff3-3.9.4-12.el7.i686.rpm
    MD5: e4dea01ac43b55beafedfd9530dc5c08
    SHA-256: 31ea511188a12fb47e08bc4f4bb58bb6295331fbed5db4f89b95b87085136b9e
    Size: 132.01 kB
Copyright© 2007-2015 Asianux. All rights reserved.