Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Fedora 25: libtiff Security Advisory for Critical Threats

fedora
Calendar Grey April 14, 2017
Dist Fedora Esm H88
Essential enhancements for libtiff to tackle various security vulnerabilities, promoting more secure handling of TIFF image files in Fedora.
Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** * **CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** * **CVE-2017-7599** * ...

Summary

The libtiff package contains a library of functions for manipulating

TIFF (Tagged Image File Format) image format files. TIFF is a widely

used file format for bitmapped images. TIFF files usually end in the

.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF

format image files.

Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** *

**CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** *

**CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602**

[ 1 ] Bug #1441263 - CVE-2017-7602 libtiff: Signed integer overflow in tif_read.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441263

[ 2 ] Bug #1441261 - CVE-2017-7601 libtiff: Signed integer overflow in tif_jpeg.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441261

[ 3 ] Bug #1441260 - CVE-2017-7600 libtiff: Unsigned char out of range in tif_dirwrite.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441260

[ 4 ] Bug #1441259 - CVE-2017-7599 libtiff: Unsigned short out of range in tif_dirwrite.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441259

[ 5 ] Bug #1441254 - CVE-2017-7598 libtiff: Divide-by-zero in tif_dirread.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441254

[ 6 ] Bug #1441252 - CVE-2017-7597 libtiff: Float out of range issue in tif_dirread.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441252

[ 7 ] Bug #1441250 - CVE-2017-7596 libtiff: Float out of range issue in tif_dir.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441250

[ 8 ] Bug #1441248 - CVE-2017-7595 libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c)

https://bugzilla.redhat.com/show_bug.cgi?id=1441248

[ 9 ] Bug #1441247 - CVE-2017-7594 libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function

https://bugzilla.redhat.com/show_bug.cgi?id=1441247

[ 10 ] Bug #1441246 - CVE-2017-7593 libtiff: tif_rawdata not properly initialized in tif_read.c

https://bugzilla.redhat.com/show_bug.cgi?id=1441246

[ 11 ] Bug #1441240 - CVE-2017-7592 libtiff: Left shift of unsigned char without a cast

https://bugzilla.redhat.com/show_bug.cgi?id=1441240

su -c 'dnf upgrade libtiff' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory critical issue software update Fedora security fix libtiff image format

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 4.0.7
Release: 5.fc25
URL: http://www.simplesystems.org/libtiff/
Summary: Library of functions for manipulating TIFF format image files

Topics%20covered

Topics Covered

security advisory critical issue software update Fedora security fix libtiff image format

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here