Detections
Analytics
SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1179-1)
critical Nessus Plugin ID 109674
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for tiff fixes the following issues :- CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107).
- CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution.
Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280).
- CVE-2017-11335: There is a heap-based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937).
- CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845)
- CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077).
- CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)
- CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341).
- CVE-2016-5318: Stack-based buffer overflow in the
_TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436).
- CVE-2016-10095: Stack-based buffer overflow in the
_TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,).
- CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255)
- An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691).
- Fixed an invalid memory read which could lead to a crash (bsc#1017692).
- Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-tiff-13594=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-tiff-13594=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-tiff-13594=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1007280
https://bugzilla.suse.com/show_bug.cgi?id=1011107
https://bugzilla.suse.com/show_bug.cgi?id=1011845
https://bugzilla.suse.com/show_bug.cgi?id=1017688
https://bugzilla.suse.com/show_bug.cgi?id=1017690
https://bugzilla.suse.com/show_bug.cgi?id=1017691
https://bugzilla.suse.com/show_bug.cgi?id=1017692
https://bugzilla.suse.com/show_bug.cgi?id=1031255
https://bugzilla.suse.com/show_bug.cgi?id=1046077
https://bugzilla.suse.com/show_bug.cgi?id=1048937
https://bugzilla.suse.com/show_bug.cgi?id=1074318
https://bugzilla.suse.com/show_bug.cgi?id=960341
https://bugzilla.suse.com/show_bug.cgi?id=983436
https://www.suse.com/security/cve/CVE-2015-7554/
https://www.suse.com/security/cve/CVE-2016-10095/
https://www.suse.com/security/cve/CVE-2016-10268/
https://www.suse.com/security/cve/CVE-2016-3945/
https://www.suse.com/security/cve/CVE-2016-5318/
https://www.suse.com/security/cve/CVE-2016-5652/
https://www.suse.com/security/cve/CVE-2016-9453/
https://www.suse.com/security/cve/CVE-2016-9536/
https://www.suse.com/security/cve/CVE-2017-11335/
https://www.suse.com/security/cve/CVE-2017-17973/
Plugin Details
Severity: Critical
ID: 109674
File Name: suse_SU-2018-1179-1.nasl
Version: 1.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/10/2018
Updated: 1/19/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:libtiff3, p-cpe:/a:novell:suse_linux:tiff, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 5/9/2018
Vulnerability Publication Date: 1/8/2016
Reference Information
CVE: CVE-2015-7554, CVE-2016-10095, CVE-2016-10268, CVE-2016-3945, CVE-2016-5318, CVE-2016-5652, CVE-2016-9453, CVE-2016-9536, CVE-2017-11335, CVE-2017-17973, CVE-2017-9935