Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux 7: SLSA-2016:1546-1 Critical: LibTiff Remote Exploitation

Calendar Aug 03, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory remote execution important attack libtiff crash scientific linux
Important: libtiff security update 
Date: Wed, 3 Aug 2016 17:10:14 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: libtiff on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160803171014.30302.90206@slpackages.fnal.gov>

Synopsis: Important: libtiff security update
Advisory ID: SLSA-2016:1546-1
Issue Date: 2016-08-02
CVE Numbers: CVE-2014-9330
 CVE-2014-8127
 CVE-2014-8129
 CVE-2014-8130
 CVE-2014-9655
 CVE-2015-1547
 CVE-2015-7554
 CVE-2015-8668
 CVE-2015-8683
 CVE-2015-8665
 CVE-2015-8781
 CVE-2015-8782
 CVE-2015-8783
 CVE-2015-8784
 CVE-2016-3945
 CVE-2016-3632
 CVE-2016-3990
 CVE-2016-3991
 CVE-2016-5320
--

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could
exploit these flaws to cause a crash or memory corruption and, possibly,
execute arbitrary code by tricking an application linked against libtiff
into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,
CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,
CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,
pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,
tiff2rgba). By tricking a user into processing a specially crafted file, a
remote attacker could exploit these flaws to cause a crash or memory
corruption and, possibly, execute arbitrary code with the privileges of
the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,
CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,
CVE-2016-3945, CVE-2016-3991)
--

SL7
 x86_64
 libtiff-4.0.3-25.el7_2.i686.rpm
 libtiff-4.0.3-25.el7_2.x86_64.rpm
 libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm
 libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm
 libtiff-devel-4.0.3-25.el7_2.i686.rpm
 libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
 libtiff-static-4.0.3-25.el7_2.i686.rpm
 libtiff-static-4.0.3-25.el7_2.x86_64.rpm
 libtiff-tools-4.0.3-25.el7_2.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here