SecurityTracker.com
SecurityTracker Archives

Category:   Application (Generic)  >   LibTIFF
Vendors:   libtiff.org
(Oracle Issues Fix for Oracle Linux) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1036505
SecurityTracker URL:  http://securitytracker.com/id/1036505
CVE Reference:   CVE-2014-9330
Date:  Aug 2 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BMP image that, when processed by the library, will trigger an integer overflow in bmp2tiff and cause the target application to crash.
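The bug class named above (an integer overflow while sizing a pixel buffer from attacker-controlled BMP header fields) is easiest to understand next to a guarded version of the same computation. The following is an added illustration, not libtiff's bmp2tiff code and not the fix Oracle shipped: it parses the width, height and bit-depth fields of a constructed BITMAPINFOHEADER, shows how an unchecked 32-bit product wraps to a tiny size, and then computes the size with range checks and a constructed 1 GiB policy cap so a crafted header is rejected instead of leading to an undersized allocation. All struct and function names, and the cap, are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed subset of BITMAPINFOHEADER fields (hypothetical type). */
struct bmp_dims {
    int32_t  width;           /* biWidth  at offset 4 */
    int32_t  height;          /* biHeight at offset 8 */
    uint16_t bits_per_pixel;  /* biBitCount at offset 14 */
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint16_t rd_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Build a 40-byte little-endian info header; used only to construct test input. */
void make_info_header(uint8_t buf[40], int32_t w, int32_t h, uint16_t bpp)
{
    for (int i = 0; i < 40; i++) buf[i] = 0;
    buf[0] = 40;                                   /* biSize */
    uint32_t uw = (uint32_t)w, uh = (uint32_t)h;
    for (int i = 0; i < 4; i++) {
        buf[4 + i] = (uint8_t)(uw >> (8 * i));
        buf[8 + i] = (uint8_t)(uh >> (8 * i));
    }
    buf[12] = 1;                                   /* biPlanes */
    buf[14] = (uint8_t)bpp;
    buf[15] = (uint8_t)(bpp >> 8);
}

/* Parse the three fields we need; returns 0 on success, -1 if header too short. */
int parse_dims(const uint8_t *hdr, size_t len, struct bmp_dims *out)
{
    if (len < 40)
        return -1;
    out->width = (int32_t)rd_u32le(hdr + 4);
    out->height = (int32_t)rd_u32le(hdr + 8);
    out->bits_per_pixel = rd_u16le(hdr + 14);
    return 0;
}

/* Unguarded form: the product is done in 32 bits and can wrap to a small value,
 * so a later allocation of this size would be far too small for the pixel data. */
uint32_t unsafe_buffer_size(const struct bmp_dims *d)
{
    uint32_t w = (uint32_t)d->width, h = (uint32_t)d->height;
    return w * h * d->bits_per_pixel / 8;   /* may wrap silently */
}

/* Guarded form: reject non-positive dimensions and unsupported depths, do the
 * arithmetic in 64 bits, and enforce a cap before multiplying so the check
 * itself cannot overflow. Returns 0 and sets *out, or -1 to reject the header. */
int safe_buffer_size(const struct bmp_dims *d, size_t *out)
{
    const uint64_t cap = (uint64_t)1 << 30;   /* constructed 1 GiB policy limit */

    if (d->width <= 0 || d->height <= 0)
        return -1;
    switch (d->bits_per_pixel) {
    case 1: case 4: case 8: case 24: case 32: break;
    default: return -1;
    }
    uint64_t w = (uint64_t)d->width, h = (uint64_t)d->height;
    uint64_t bpp = d->bits_per_pixel;

    /* Row stride in bytes, padded to a 4-byte boundary as BMP requires.
     * w < 2^31 and bpp <= 32, so w * bpp < 2^36 cannot overflow uint64_t. */
    uint64_t row_bytes = ((w * bpp + 31) / 32) * 4;

    /* row_bytes * h > cap, written without the multiplication that could wrap. */
    if (row_bytes > cap / h)
        return -1;
    *out = (size_t)(row_bytes * h);
    return 0;
}

int main(void)
{
    uint8_t hdr[40];
    struct bmp_dims d;
    size_t sz;

    make_info_header(hdr, 65536, 65536, 8);       /* constructed crafted header */
    parse_dims(hdr, sizeof hdr, &d);
    printf("unguarded size: %u bytes\n", unsafe_buffer_size(&d));
    printf("guarded: %s\n", safe_buffer_size(&d, &sz) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The guarded version divides the cap by the height instead of multiplying, which is the usual idiom for an overflow-free bound check; the same pattern applies to any width-times-height-times-depth computation that feeds an allocation.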

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   Oracle has issued a fix.

The Oracle Linux advisory is available at:

http://linux.oracle.com/errata/ELSA-2016-1546.html

Vendor URL:  linux.oracle.com/errata/ELSA-2016-1546.html
Cause:   Boundary error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 24 2014 LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service

Source Message Contents

Subject:  [El-errata] ELSA-2016-1546 Important: Oracle Linux 7 libtiff security update

Oracle Linux Security Advisory ELSA-2016-1546

http://linux.oracle.com/errata/ELSA-2016-1546.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libtiff-4.0.3-25.el7_2.i686.rpm
libtiff-4.0.3-25.el7_2.x86_64.rpm
libtiff-devel-4.0.3-25.el7_2.i686.rpm
libtiff-devel-4.0.3-25.el7_2.x86_64.rpm
libtiff-static-4.0.3-25.el7_2.i686.rpm
libtiff-static-4.0.3-25.el7_2.x86_64.rpm
libtiff-tools-4.0.3-25.el7_2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libtiff-4.0.3-25.el7_2.src.rpm

Description of changes:

[4.0.3-25]
- Add patches for CVEs:
   CVE-2015-7554, CVE-2015-8683, CVE-2015-8665,
   CVE-2015-8781, CVE-2015-8782, CVE-2015-8783,
   CVE-2015-8784
- Related: #1299920

[4.0.3-24]
- Update patches for CVEs:
   CVE-2014-8127, CVE-2014-8130
- Related: #1299920

[4.0.3-23]
- Update patches:
   CVE-2014-9330, CVE-2014-8127, CVE-2014-8129
   CVE-2014-8130
- Related: #1299920

[4.0.3-22]
- Update patch for CVE-2015-8668
- Related: #1299920

[4.0.3-21]
- Remove patches for CVEs:
   CVE-2014-8127, CVE-2014-8129, CVE-2014-8130,
   CVE-2014-9330, CVE-2015-7554, CVE-2015-8665,
   CVE-2015-8683, CVE-2015-8781, CVE-2015-8784
- Add patches for CVEs:
   CVE-2016-3632, CVE-2016-3945, CVE-2016-3990,
   CVE-2016-3991, CVE-2016-5320
- Update patches for CVEs:
   CVE-2014-9655, CVE-2015-1547, CVE-2015-8668
- Related: #1299920

[4.0.3-20]
- CVE-2014-8127 should contain only two fixes
- Related: #1299920

[4.0.3-19]
- Revert previous patch CVE-2014-8127
- Related: #1299920

[4.0.3-18]
- Fix patch CVE-2014-8127. Wrongly applied
- Related: #1299920

[4.0.3-17]
- Fix patch CVE-2015-8668. Wrongly applied by me
- Related: #1299920

[4.0.3-16]
- Fixed patches on previous CVEs
- Related: #1299920

[4.0.3-15]
- This resolves several CVEs
- CVE-2014-8127, CVE-2014-8129, CVE-2014-8130
- CVE-2014-9330, CVE-2014-9655, CVE-2015-8781
- CVE-2015-8784, CVE-2015-1547, CVE-2015-8683
- CVE-2015-8665, CVE-2015-7554, CVE-2015-8668
- Resolves: #1299920

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Copyright 2021, SecurityGlobal.net LLC