Important CentOS libtiff Security Update

Metadata

high
7.5
libtiff-3.9.4-18.el6_8.i686.rpm, libtiff-3.9.4-18.el6_8.src.rpm, libtiff-3.9.4-18.el6_8.x86_64.rpm, libtiff-devel-3.9.4-18.el6_8.i686.rpm, libtiff-devel-3.9.4-18.el6_8.x86_64.rpm, libtiff-static-3.9.4-18.el6_8.i686.rpm, libtiff-static-3.9.4-18.el6_8.x86_64.rpm
CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320
rhn.redhat.com, lists.centos.org
2016-08-02
2017-07-27 19:11

Description


An update for libtiff is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.


Affected package information

Release  Package         Patched in
6        libtiff         libtiff-3.9.4-18.el6_8.i686.rpm
6        libtiff         libtiff-3.9.4-18.el6_8.src.rpm
6        libtiff         libtiff-3.9.4-18.el6_8.x86_64.rpm
6        libtiff-devel   libtiff-devel-3.9.4-18.el6_8.i686.rpm
6        libtiff-devel   libtiff-devel-3.9.4-18.el6_8.x86_64.rpm
6        libtiff-static  libtiff-static-3.9.4-18.el6_8.i686.rpm
6        libtiff-static  libtiff-static-3.9.4-18.el6_8.x86_64.rpm