Description
ELSA-2016-1547: libtiff security update (IMPORTANT)
[3.9.4-18]
- Update patch for CVE-2014-8127
- Related: #1335099
[3.9.4-17]
- Fix patches for CVE-2016-3990 and CVE-2016-5320
- Related: #1335099
[3.9.4-16]
- Add patches for CVEs:
- CVE-2016-3632 CVE-2016-3945 CVE-2016-3990
- CVE-2016-3991 CVE-2016-5320
- Related: #1335099
[3.9.4-15]
- Update patch for CVE-2014-8129
- Related: #1335099
[3.9.4-14]
- Merge previously released fixes for CVEs:
- CVE-2013-1960 CVE-2013-1961 CVE-2013-4231
- CVE-2013-4232 CVE-2013-4243 CVE-2013-4244
- Resolves: #1335099
[3.9.4-13]
- Patch typos in CVE-2014-8127
- Related: #1299919
[3.9.4-12]
- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919
[3.9.4-11]
- Fixed patches on preview CVEs
- Related: #1299919
Updated packages
Oracle Linux 6
Oracle Linux x86_64
  libtiff         3.9.4-18.el6_8
  libtiff-devel   3.9.4-18.el6_8
  libtiff-static  3.9.4-18.el6_8
Oracle Linux i686
  libtiff         3.9.4-18.el6_8
  libtiff-devel   3.9.4-18.el6_8
  libtiff-static  3.9.4-18.el6_8
Oracle Linux sparc64
  libtiff         3.9.4-18.el6_8
Source references
Related vulnerabilities
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.