openSUSE Security Update : tiff (openSUSE-2017-515)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for tiff fixes the following issues :

Security issues fixed :

- CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to
cause a denial of service (heap-based buffer overflow)
or possibly have unspecified other impact via a crafted
TIFF image, related to 'WRITE of size 2048' and
libtiff/tif_next.c:64:9 (bsc#1031247).

- CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows
remote attackers to cause a denial of service
(heap-based buffer over-read and buffer overflow) or
possibly have unspecified other impact via a crafted
TIFF image, related to 'READ of size 1' and
libtiff/tif_fax3.c:413:13 (bsc#1031249).

- CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to
cause a denial of service (heap-based buffer over-read)
or possibly have unspecified other impact via a crafted
TIFF image, related to 'READ of size 8' and
libtiff/tif_read.c:523:22 (bsc#1031250).

- CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to
cause a denial of service (heap-based buffer over-read)
or possibly have unspecified other impact via a crafted
TIFF image, related to 'READ of size 512' and
libtiff/tif_unix.c:340:2 (bsc#1031254).

- CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows
remote attackers to cause a denial of service (integer
underflow and heap-based buffer under-read) or possibly
have unspecified other impact via a crafted TIFF image,
related to 'READ of size 78490' and
libtiff/tif_unix.c:115:23 (bsc#1031255).

- CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to
cause a denial of service (divide-by-zero error and
application crash) via a crafted TIFF image, related to
libtiff/tif_ojpeg.c:816:8 (bsc#1031262).

- CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to
cause a denial of service (divide-by-zero error and
application crash) via a crafted TIFF image, related to
libtiff/tif_read.c:351:22. (bsc#1031263).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1031247
https://bugzilla.opensuse.org/show_bug.cgi?id=1031249
https://bugzilla.opensuse.org/show_bug.cgi?id=1031250
https://bugzilla.opensuse.org/show_bug.cgi?id=1031254
https://bugzilla.opensuse.org/show_bug.cgi?id=1031255
https://bugzilla.opensuse.org/show_bug.cgi?id=1031262
https://bugzilla.opensuse.org/show_bug.cgi?id=1031263

Solution :

Update the affected tiff packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 99704 ()

Bugtraq ID:

CVE ID: CVE-2016-10266
CVE-2016-10267
CVE-2016-10268
CVE-2016-10269
CVE-2016-10270
CVE-2016-10271
CVE-2016-10272

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now