libtiff-3.9.4-18.AXS4

Errata ID: AXSA:2016-585:01

Release date: 
Tuesday, August 2, 2016 - 23:03
Subject: 
libtiff-3.9.4-18.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

Security issues fixed with this release:

CVE-2014-8127
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-8129
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-8130
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-9330
Integer overflow in tif_packbits.c in bmp2tiff in libtiff 4.0.3 allows
remote attackers to cause a denial of service (crash) via a crafted BMP
image, related to dimensions, which triggers an out-of-bounds read.
CVE-2014-9655
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2)
NeXTDecode function in tif_next.c in LibTIFF allows remote attackers
to cause a denial of service (uninitialized memory access) via a
crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and
libtiff-cvs-2.tif.
CVE-2015-1547
The NeXTDecode function in tif_next.c in LibTIFF allows remote
attackers to cause a denial of service (uninitialized memory access)
via a crafted TIFF image, as demonstrated by libtiff5.tif.
CVE-2015-7554
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service (invalid memory write and
crash) or possibly have unspecified other impact via crafted field
data in an extension tag in a TIFF image.
CVE-2015-8665
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a
denial of service (out-of-bounds read) via the SamplesPerPixel tag in
a TIFF image.
CVE-2015-8668
Heap-based buffer overflow in the PackBitsPreEncode function in
tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote
attackers to execute arbitrary code or cause a denial of service via a
large width field in a BMP image.
CVE-2015-8683
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6
allows remote attackers to cause a denial of service (out-of-bounds
read) via a packed TIFF image.
CVE-2015-8781
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds write) via an invalid number of samples per pixel in a
LogL compressed TIFF image, a different vulnerability than
CVE-2015-8782.
CVE-2015-8782
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds writes) via a crafted TIFF image, a different
vulnerability than CVE-2015-8781.
CVE-2015-8783
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds reads) via a crafted TIFF image.
CVE-2015-8784
The NeXTDecode function in tif_next.c in LibTIFF allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted TIFF image, as demonstrated by libtiff5.tif.
CVE-2016-3632
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3945
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3990
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3991
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5320
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-3.9.4-18.AXS4.src.rpm
    MD5: 98e56baa8e003055a9236d10e1aa4fb7
    SHA-256: df2acd71cb10deec630716e55dfc84239d7a8cbf9bfba6c955c002f78ab6da77
    Size: 1.42 MB

Asianux Server 4 for x86
  1. libtiff-3.9.4-18.AXS4.i686.rpm
    MD5: 82595a3db5db8aace0c70dccb10966e1
    SHA-256: d451108e28d6a6a58ed07efae3b6fab05df00b45523ebc753959ad0a887dfbf5
    Size: 341.12 kB
  2. libtiff-devel-3.9.4-18.AXS4.i686.rpm
    MD5: b40301c4c26a6cb611861cc5acdb2e66
    SHA-256: 83dee186d40ab4ba001101ae9822862febb4abe26d7359beec5de76107419b0e
    Size: 469.15 kB

Asianux Server 4 for x86_64
  1. libtiff-3.9.4-18.AXS4.x86_64.rpm
    MD5: 06220137ace1b670a91ebb431d759c55
    SHA-256: 79a84965a8570fd7bb30b8d500dee6f1f38392156d659febcab819e5f9ea03a5
    Size: 344.25 kB
  2. libtiff-devel-3.9.4-18.AXS4.x86_64.rpm
    MD5: 7524ddd3a8011a4a11a5747dbb2667ef
    SHA-256: b30e5ad65e10c0b756ec00ce037d6e45f69e4674b05d064838aad6fc59bb9202
    Size: 468.73 kB
  3. libtiff-3.9.4-18.AXS4.i686.rpm
    MD5: 82595a3db5db8aace0c70dccb10966e1
    SHA-256: d451108e28d6a6a58ed07efae3b6fab05df00b45523ebc753959ad0a887dfbf5
    Size: 341.12 kB
  4. libtiff-devel-3.9.4-18.AXS4.i686.rpm
    MD5: b40301c4c26a6cb611861cc5acdb2e66
    SHA-256: 83dee186d40ab4ba001101ae9822862febb4abe26d7359beec5de76107419b0e
    Size: 469.15 kB