libtiff-3.9.4-21.AXS4

エラータID: AXSA:2017-1285:01

Release date: 
Monday, February 6, 2017 - 09:39
Subject: 
libtiff-3.9.4-21.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
Moderate
Description: 

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

Security issues fixed with this release:

CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows
remote attackers to cause a denial of service (heap-based buffer
over-read), or possibly obtain sensitive information from process
memory, via crafted width and length values in RLE4 or RLE8 data in a
BMP file.
CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of
TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can
lead to a heap-based buffer overflow resulting in remote code
execution. Vulnerability can be triggered via a saved TIFF file
delivered by other means.
CVE-2016-9533
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities
in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog
horizontalDifference heap-buffer-overflow."
CVE-2016-9534
tif_write.c in libtiff 4.0.6 has an issue in the error code path of
TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members.
Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
CVE-2016-9535
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that
can lead to assertion failures in debug mode, or buffer overflows in
release mode, when dealing with unusual tile size like YCbCr with
subsampling. Reported as MSVR 35105, aka "Predictor
heap-buffer-overflow."
CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip().
Reported as MSVR 35098, aka "t2p_process_jpeg_strip
heap-buffer-overflow."
CVE-2016-9537
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write
vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and
MSVR 35097.
CVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."

Solution: 

Update packages.

CVEs: 
CVE-2015-8870
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
CVE-2016-5652
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.
CVE-2016-9533
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
CVE-2016-9534
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
CVE-2016-9535
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
CVE-2016-9536
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
CVE-2016-9537
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
CVE-2016-9540
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-3.9.4-21.AXS4.src.rpm
    MD5: c89f6b538f529733b6e0e8d350d45fe4
    SHA-256: cefbd5d271d6812bd19743a716802478e9933c70780d4dbe8b7c0b8b4d1a7a92
    Size: 1.43 MB

Asianux Server 4 for x86
  1. libtiff-3.9.4-21.AXS4.i686.rpm
    MD5: 4fee6a48ad282a47ac07c1c1138f4dce
    SHA-256: 359ff281ee05a4e304e029d2c35eccfa544397e8dcf2c656091093117a10dfcb
    Size: 341.73 kB
  2. libtiff-devel-3.9.4-21.AXS4.i686.rpm
    MD5: 4df660c05bc781a331f190ee5fe22c2f
    SHA-256: 3b93a973b14b36ba8f75cfa45282fdfafa47e3e6622813a92fc474684c4792a0
    Size: 469.55 kB

Asianux Server 4 for x86_64
  1. libtiff-3.9.4-21.AXS4.x86_64.rpm
    MD5: e19a006d541ee30529abe932e9b3267d
    SHA-256: 600d388f9ab2dcd94429ec37622c05ed2725f7b988f370f279e2602d9f17767f
    Size: 345.17 kB
  2. libtiff-devel-3.9.4-21.AXS4.x86_64.rpm
    MD5: c380bd1915590f7e80c2999c526f8ede
    SHA-256: 79d54926839c9728e68060eb8c57cdfa79556cb23e436022b8de1840c527ff4b
    Size: 469.12 kB
  3. libtiff-3.9.4-21.AXS4.i686.rpm
    MD5: 4fee6a48ad282a47ac07c1c1138f4dce
    SHA-256: 359ff281ee05a4e304e029d2c35eccfa544397e8dcf2c656091093117a10dfcb
    Size: 341.73 kB
  4. libtiff-devel-3.9.4-21.AXS4.i686.rpm
    MD5: 4df660c05bc781a331f190ee5fe22c2f
    SHA-256: 3b93a973b14b36ba8f75cfa45282fdfafa47e3e6622813a92fc474684c4792a0
    Size: 469.55 kB