Description
ELSA-2016-1546: libtiff security update (IMPORTANT)
[4.0.3-25]
- Add patches for CVEs: CVE-2015-7554, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784
- Related: #1299920
[4.0.3-24]
- Update patches for CVEs: CVE-2014-8127, CVE-2014-8130
- Related: #1299920
[4.0.3-23]
- Update patches: CVE-2014-9330, CVE-2014-8127, CVE-2014-8129, CVE-2014-8130
- Related: #1299920
[4.0.3-22]
- Update patch for CVE-2015-8668
- Related: #1299920
[4.0.3-21]
- Remove patches for CVEs: CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8784
- Add patches for CVEs: CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
- Update patches for CVEs: CVE-2014-9655, CVE-2015-1547, CVE-2015-8668
- Related: #1299920
[4.0.3-20]
- CVE-2014-8127 should contain only two fixes
- Related: #1299920
[4.0.3-19]
- Revert previous patch CVE-2014-8127
- Related: #1299920
[4.0.3-18]
- Fix patch CVE-2014-8127. Wrongly applied
- Related: #1299920
[4.0.3-17]
- Fix patch CVE-2015-8668. Wrongly applied by me
- Related: #1299920
[4.0.3-16]
- Fixed patches on preview CVEs
- Related: #1299920
[4.0.3-15]
- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, CVE-2014-8130
- CVE-2014-9330, CVE-2014-9655, CVE-2015-8781
- CVE-2015-8784, CVE-2015-1547, CVE-2015-8683
- CVE-2015-8665, CVE-2015-7554, CVE-2015-8668
- Resolves: #1299920
Updated packages
Oracle Linux 7
Oracle Linux x86_64
libtiff: 4.0.3-25.el7_2
libtiff-devel: 4.0.3-25.el7_2
libtiff-static: 4.0.3-25.el7_2
libtiff-tools: 4.0.3-25.el7_2
Source links
Related vulnerabilities
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...