libtiff-4.0.3-27.el7
Errata ID: AXSA:2017-1282:01
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF
format image files.
Security issues fixed with this release:
CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows
remote attackers to cause a denial of service (heap-based buffer
over-read), or possibly obtain sensitive information from process
memory, via crafted width and length values in RLE4 or RLE8 data in a
BMP file.
CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of
TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can
lead to a heap-based buffer overflow resulting in remote code
execution. Vulnerability can be triggered via a saved TIFF file
delivered by other means.
CVE-2016-9533
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities
in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog
horizontalDifference heap-buffer-overflow."
CVE-2016-9534
tif_write.c in libtiff 4.0.6 has an issue in the error code path of
TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.
Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
CVE-2016-9535
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that
can lead to assertion failures in debug mode, or buffer overflows in
release mode, when dealing with unusual tile size like YCbCr with
subsampling. Reported as MSVR 35105, aka "Predictor
heap-buffer-overflow."
CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
Reported as MSVR 35098, aka "t2p_process_jpeg_strip
heap-buffer-overflow."
CVE-2016-9537
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and
MSVR 35097.
CVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."
Update packages.
SRPMS
- libtiff-4.0.3-27.el7.src.rpm
MD5: 6da0a04cce6b8973f79420e5a390ff19
SHA-256: 4e9d68a0c56ffe999c54fdd628842005fb3b2945cb262d0fc8c49f9c21eb18f0
Size: 2.01 MB
Asianux Server 7 for x86_64
- libtiff-4.0.3-27.el7.x86_64.rpm
MD5: 0a5cfecf0bf59e7037f726a5f5f15f0b
SHA-256: 5f3074a771bd469c64c56a299d0b134b6ac324787168149ed26990e7fbfe8431
Size: 168.71 kB
- libtiff-devel-4.0.3-27.el7.x86_64.rpm
MD5: 81c05867602fbaef0e1500f1e5fbbd3a
SHA-256: 16d4a5c2602f3f6e745d5348a3fbcd242c0e5ab467af6bc2e6d101bbfb57dc32
Size: 471.84 kB
- libtiff-4.0.3-27.el7.i686.rpm
MD5: b3bfbc254e5c85faaa01d67153c64f47
SHA-256: 64c8c10eb4f8d6b35e9ddeb0dac11e92a460ead6a28a2af5b3d637deea6e1db5
Size: 171.38 kB
- libtiff-devel-4.0.3-27.el7.i686.rpm
MD5: 21681ca791c4305308cce7d661f24e3c
SHA-256: e3addc414671a64fb85ccd985c4d41480c21743c46a0256e73c63a8425fa4a93
Size: 471.87 kB