EulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the compat-libtiff3 package installed,
the EulerOS installation on the remote host is affected by the
following vulnerabilities :

- The (1) putcontig8bitYCbCr21tile function in
tif_getimage.c or (2) NeXTDecode function in tif_next.c
in LibTIFF allows remote attackers to cause a denial of
service (uninitialized memory access) via a crafted
TIFF image, as demonstrated by libtiff-cvs-1.tif and
libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014
-8130,CVE-2014-9655)

- A flaw was discovered in the bmp2tiff utility. By
tricking a user into processing a specially crafted
file, a remote attacker could exploit this flaw to
cause a crash or memory corruption and, possibly,
execute arbitrary code with the privileges of the user
running the libtiff
tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201
5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20
16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2
015-8683)

- tools/tiffcp.c in libtiff has an out-of-bounds write on
tiled images with odd tile width versus image width.
Reported as MSVR 35103, aka 'cpStripToTile
heap-buffer-overflow.'(CVE-2016-9540)

- tif_predict.h and tif_predict.c in libtiff have
assertions that can lead to assertion failures in debug
mode, or buffer overflows in release mode, when dealing
with unusual tile size like YCbCr with subsampling.
Reported as MSVR 35105, aka 'Predictor
heap-buffer-overflow.'(CVE-2016-9535,CVE-2016-9533,CVE-
2016-9534,CVE-2016-9536,CVE-2016-9537)

- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(uninitialized memory access) via a crafted TIFF image,
as demonstrated by libtiff5.tif.(CVE-2015-1547)

- The NeXTDecode function in tif_next.c in LibTIFF allows
remote attackers to cause a denial of service
(out-of-bounds write) via a crafted TIFF image, as
demonstrated by libtiff5.tif.(CVE-2015-8784)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?a2ee1bff

Solution :

Update the affected compat-libtiff3 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:UC)
Public Exploit Available : false