SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1472-1)

Medium Nessus Plugin ID 110258

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for tiff fixes the following issues: Security issues fixed :

- CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
(bsc#984809)

- CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)

- CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254)

- CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250)

- CVE-2017-18013: In LibTIFF, there was a NULL pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
(bsc#1074317)

- CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)

- CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)

- CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)

- CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)

- CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)

- CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)

- CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)

- CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
(bsc#1033109)

- Multiple divide by zero issues

- CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-tiff-13631=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-tiff-13631=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-tiff-13631=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1017694

https://bugzilla.suse.com/show_bug.cgi?id=1031250

https://bugzilla.suse.com/show_bug.cgi?id=1031254

https://bugzilla.suse.com/show_bug.cgi?id=1033109

https://bugzilla.suse.com/show_bug.cgi?id=1033111

https://bugzilla.suse.com/show_bug.cgi?id=1033112

https://bugzilla.suse.com/show_bug.cgi?id=1033113

https://bugzilla.suse.com/show_bug.cgi?id=1033120

https://bugzilla.suse.com/show_bug.cgi?id=1033126

https://bugzilla.suse.com/show_bug.cgi?id=1033127

https://bugzilla.suse.com/show_bug.cgi?id=1033129

https://bugzilla.suse.com/show_bug.cgi?id=1074317

https://bugzilla.suse.com/show_bug.cgi?id=984808

https://bugzilla.suse.com/show_bug.cgi?id=984809

https://bugzilla.suse.com/show_bug.cgi?id=984831

https://bugzilla.suse.com/show_bug.cgi?id=987351

https://www.suse.com/security/cve/CVE-2016-10267/

https://www.suse.com/security/cve/CVE-2016-10269/

https://www.suse.com/security/cve/CVE-2016-10270/

https://www.suse.com/security/cve/CVE-2016-5314/

https://www.suse.com/security/cve/CVE-2016-5315/

https://www.suse.com/security/cve/CVE-2017-18013/

https://www.suse.com/security/cve/CVE-2017-7593/

https://www.suse.com/security/cve/CVE-2017-7595/

https://www.suse.com/security/cve/CVE-2017-7596/

https://www.suse.com/security/cve/CVE-2017-7597/

https://www.suse.com/security/cve/CVE-2017-7599/

https://www.suse.com/security/cve/CVE-2017-7600/

https://www.suse.com/security/cve/CVE-2017-7601/

https://www.suse.com/security/cve/CVE-2017-7602/

http://www.nessus.org/u?f76228cb

Plugin Details

Severity: Medium

ID: 110258

File Name: suse_SU-2018-1472-1.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2018/05/31

Updated: 2019/09/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libtiff3, p-cpe:/a:novell:suse_linux:tiff, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/05/30

Vulnerability Publication Date: 2017/03/07

Reference Information

CVE: CVE-2016-10267, CVE-2016-10269, CVE-2016-10270, CVE-2016-5314, CVE-2016-5315, CVE-2017-18013, CVE-2017-7593, CVE-2017-7595, CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600, CVE-2017-7601, CVE-2017-7602