SecurityTracker.com
Category:   Application (Generic)  >   LibTIFF
Vendors:   libtiff.org
(Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1036504
SecurityTracker URL:  http://securitytracker.com/id/1036504
CVE Reference:   CVE-2014-9330
Date:  Aug 2 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BMP image that, when processed by the library, will trigger an integer overflow in bmp2tiff and cause the target application to crash.

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2016-1547.html

Vendor URL:  linux.oracle.com/errata/ELSA-2016-1547.html
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Dec 24 2014 LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service



 Source Message Contents

Subject:  [El-errata] ELSA-2016-1547 Important: Oracle Linux 6 libtiff security update

Oracle Linux Security Advisory ELSA-2016-1547

http://linux.oracle.com/errata/ELSA-2016-1547.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-static-3.9.4-18.el6_8.i686.rpm

x86_64:
libtiff-3.9.4-18.el6_8.i686.rpm
libtiff-3.9.4-18.el6_8.x86_64.rpm
libtiff-devel-3.9.4-18.el6_8.i686.rpm
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm
libtiff-static-3.9.4-18.el6_8.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libtiff-3.9.4-18.el6_8.src.rpm



Description of changes:

[3.9.4-18]
- Update patch for CVE-2014-8127
- Related: #1335099

[3.9.4-17]
- Fix patches for CVE-2016-3990 and CVE-2016-5320
- Related: #1335099

[3.9.4-16]
- Add patches for CVEs:
- CVE-2016-3632 CVE-2016-3945 CVE-2016-3990
- CVE-2016-3991 CVE-2016-5320
- Related: #1335099

[3.9.4-15]
- Update patch for CVE-2014-8129
- Related: #1335099

[3.9.4-14]
- Merge previously released fixes for CVEs:
- CVE-2013-1960 CVE-2013-1961 CVE-2013-4231
- CVE-2013-4232 CVE-2013-4243 CVE-2013-4244
- Resolves: #1335099

[3.9.4-13]
- Patch typos in CVE-2014-8127
- Related: #1299919

[3.9.4-12]
- Fix CVE-2014-8127 and CVE-2015-8668 patches
- Related: #1299919

[3.9.4-11]
- Fixed patches on preview CVEs
- Related: #1299919



Copyright 2021, SecurityGlobal.net LLC