LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2016

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2016

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: libtiff on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Wed, 3 Aug 2016 17:10:14 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (57 lines)

Synopsis:          Important: libtiff security update

Advisory ID:       SLSA-2016:1546-1

Issue Date:        2016-08-02

CVE Numbers:       CVE-2014-9330

                   CVE-2014-8127

                   CVE-2014-8129

                   CVE-2014-8130

                   CVE-2014-9655

                   CVE-2015-1547

                   CVE-2015-7554

                   CVE-2015-8668

                   CVE-2015-8683

                   CVE-2015-8665

                   CVE-2015-8781

                   CVE-2015-8782

                   CVE-2015-8783

                   CVE-2015-8784

                   CVE-2016-3945

                   CVE-2016-3632

                   CVE-2016-3990

                   CVE-2016-3991

                   CVE-2016-5320

--



Security Fix(es):



* Multiple flaws have been discovered in libtiff. A remote attacker could

exploit these flaws to cause a crash or memory corruption and, possibly,

execute arbitrary code by tricking an application linked against libtiff

into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547,

CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,

CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)



* Multiple flaws have been discovered in various libtiff tools (bmp2tiff,

pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit,

tiff2rgba). By tricking a user into processing a specially crafted file, a

remote attacker could exploit these flaws to cause a crash or memory

corruption and, possibly, execute arbitrary code with the privileges of

the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129,

CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632,

CVE-2016-3945, CVE-2016-3991)

--



SL7

  x86_64

    libtiff-4.0.3-25.el7_2.i686.rpm

    libtiff-4.0.3-25.el7_2.x86_64.rpm

    libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm

    libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm

    libtiff-devel-4.0.3-25.el7_2.i686.rpm

    libtiff-devel-4.0.3-25.el7_2.x86_64.rpm

    libtiff-static-4.0.3-25.el7_2.i686.rpm

    libtiff-static-4.0.3-25.el7_2.x86_64.rpm

    libtiff-tools-4.0.3-25.el7_2.x86_64.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV