AXSA:2019-4119:01

リリース日: 
2019/08/20 Tuesday - 01:39
題名: 
compat-libtiff3-3.9.4-12.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The compat-libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF (Tagged Image File Format) image format files.

Security Fix(es):

* libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-7456
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
1. compat-libtiff3-3.9.4-12.el7.src.rpm
md5sum: a533c5bf75d22b85f83af000f1244b5d
sha256sum: a8f3cbb610ec931d3a66dd5623701cb7f435ac35100e788a9be0e9ba9c0789a1
Size: 1,433 Kb

Asianux Server 7.0 for x86_64
1. compat-libtiff3-3.9.4-12.el7.x86_64.rpm
md5sum: cd26515bd2d0e2d6614a3470a7c1a18d
sha256sum: 857b3ae0af342b9bd124a9cebf4808c2ab554cb91372884dc887f3e2fda7a9a4
Size: 134 Kb
2. compat-libtiff3-3.9.4-12.el7.i686.rpm
md5sum: e4dea01ac43b55beafedfd9530dc5c08
sha256sum: 31ea511188a12fb47e08bc4f4bb58bb6295331fbed5db4f89b95b87085136b9e
Size: 132 Kb
Copyright© 2007-2015 Asianux. All rights reserved.