- Issued: 2016-08-02
- Updated: 2016-08-02
RHSA-2016:1547 - Security Advisory
Synopsis
Important: libtiff security update
Type/Severity
Security Advisory: Important
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
- Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
- Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.
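One way to check the restart requirement above, added here as an example and not part of Red Hat's advisory: after the update, a process that still uses the old library shows its libtiff mapping in `/proc/<pid>/maps` with a trailing `(deleted)`. The function names, the `ROOT` parameter and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map a
# libtiff shared object replaced on disk, i.e. ones not yet restarted.

# Succeeds if maps-format text on stdin contains a libtiff or libtiffxx
# mapping whose backing file was unlinked (kernel appends " (deleted)").
stale_libtiff() {
    grep -Eq '/libtiff(xx)?\.so[^ ]* \(deleted\)$'
}

# Print "PID EXE" for every process under ROOT (default /proc) that needs
# a restart. ROOT is a parameter only so the scan can be tested offline.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        if stale_libtiff 2>/dev/null < "$maps"; then
            printf '%s %s\n' "${dir##*/}" "$(readlink "$dir/exe" 2>/dev/null)"
        fi
    done
}

# Constructed sample: two /proc/<pid>/maps lines (paths are illustrative).
SAMPLE_STALE='7f3a1c000000-7f3a1c06b000 r-xp 00000000 fd:00 131337 /usr/lib64/libtiff.so.3.9.4 (deleted)'
SAMPLE_FRESH='7f3a1c000000-7f3a1c06b000 r-xp 00000000 fd:00 131401 /usr/lib64/libtiff.so.3.9.4'

# Scan the live system when run as a script.
scan_proc "$@"
```

Run it as root so every process's maps file is readable. Binaries built against libtiff-static carry their own copy of the library and do not appear in this scan.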
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Fixes
- BZ - 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff
- BZ - 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
- BZ - 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
- BZ - 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
- BZ - 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
- BZ - 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
- BZ - 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
- BZ - 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff
- BZ - 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files
- BZ - 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c
- BZ - 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion
- BZ - 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
- BZ - 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool
- BZ - 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function
- BZ - 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()
- BZ - 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function
- BZ - 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
CVEs
- CVE-2014-8127
- CVE-2014-8129
- CVE-2014-8130
- CVE-2014-9330
- CVE-2014-9655
- CVE-2015-1547
- CVE-2015-7554
- CVE-2015-8665
- CVE-2015-8668
- CVE-2015-8683
- CVE-2015-8781
- CVE-2015-8782
- CVE-2015-8783
- CVE-2015-8784
- CVE-2016-3632
- CVE-2016-3945
- CVE-2016-3990
- CVE-2016-3991
- CVE-2016-5320
References
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
x86_64 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68 |
libtiff-static-3.9.4-18.el6_8.x86_64.rpm | SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b |
i386 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-static-3.9.4-18.el6_8.i686.rpm | SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
x86_64 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68 |
libtiff-static-3.9.4-18.el6_8.x86_64.rpm | SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b |
i386 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-static-3.9.4-18.el6_8.i686.rpm | SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
x86_64 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68 |
libtiff-static-3.9.4-18.el6_8.x86_64.rpm | SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b |
i386 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-static-3.9.4-18.el6_8.i686.rpm | SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
x86_64 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68 |
libtiff-static-3.9.4-18.el6_8.x86_64.rpm | SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b |
i386 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-static-3.9.4-18.el6_8.i686.rpm | SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
s390x | |
libtiff-3.9.4-18.el6_8.s390.rpm | SHA-256: 089b9a0a8dbb2d582155c794c75edd29970fe52bae0b4cf8180d89e4bbd408ee |
libtiff-3.9.4-18.el6_8.s390x.rpm | SHA-256: 4bbdf6ca62c102d442c461019a710b00fcf3ab4e47ce2e8cc8df23cc91962ef8 |
libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm | SHA-256: 5522f40b8e06d97e5c3264d4da13434b456dc67031689075d5a5714679194ae9 |
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm | SHA-256: 8323901150f1f892089e9f44db84acd1eb5f839441496ee4df71b4a1d82e2257 |
libtiff-devel-3.9.4-18.el6_8.s390.rpm | SHA-256: e8b4650115a237d05c5206c4c2e9ee25ba75fefa4efe376dd6e41acf20d91455 |
libtiff-devel-3.9.4-18.el6_8.s390x.rpm | SHA-256: 5bd63a1d0b9f94d796abfbd2b91d831c4a12e4c71bd975dd26cfc575e2d0bd3b |
libtiff-static-3.9.4-18.el6_8.s390x.rpm | SHA-256: 5aae6ce013de8ebc11ea03ac2685f7a5a3ec8f61e64d3c0db1d44a922f5ebd65 |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
ppc64 | |
libtiff-3.9.4-18.el6_8.ppc.rpm | SHA-256: 672edf0159917b513b502f5ac9fc2d806551f87d514ed10193108e138883d117 |
libtiff-3.9.4-18.el6_8.ppc64.rpm | SHA-256: 4b123def1d5c0caac7fd474d5e1e13f2567224955a5e85b3b38bc50e418ac589 |
libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm | SHA-256: 3928b1111d6381a4b7ecf67e683e25bf195f7c41aaedf34fa574ff1cb433386f |
libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm | SHA-256: 4ca1ed81d7a380737f27f24ff64ac14d4c86bd88853844882f16794e97fac005 |
libtiff-devel-3.9.4-18.el6_8.ppc.rpm | SHA-256: 41c57785fed0505162e350fa7bddc123abc6ba7c47653424be786507c422885c |
libtiff-devel-3.9.4-18.el6_8.ppc64.rpm | SHA-256: f96e5733b171b915441124c6292377cc7aabbfcde6afec14f0ecd4c20cc0cf41 |
libtiff-static-3.9.4-18.el6_8.ppc64.rpm | SHA-256: 12550d587b045e044a62394df207401fbdbf2c54f24484a9ac3c4be2b0cfbd24 |
Red Hat Enterprise Linux for Scientific Computing 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
x86_64 | |
libtiff-3.9.4-18.el6_8.i686.rpm | SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc |
libtiff-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce |
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm | SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32 |
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5 |
libtiff-devel-3.9.4-18.el6_8.i686.rpm | SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1 |
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm | SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68 |
libtiff-static-3.9.4-18.el6_8.x86_64.rpm | SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
libtiff-3.9.4-18.el6_8.src.rpm | SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06 |
s390x | |
libtiff-3.9.4-18.el6_8.s390.rpm | SHA-256: 089b9a0a8dbb2d582155c794c75edd29970fe52bae0b4cf8180d89e4bbd408ee |
libtiff-3.9.4-18.el6_8.s390x.rpm | SHA-256: 4bbdf6ca62c102d442c461019a710b00fcf3ab4e47ce2e8cc8df23cc91962ef8 |
libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm | SHA-256: 5522f40b8e06d97e5c3264d4da13434b456dc67031689075d5a5714679194ae9 |
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm | SHA-256: 8323901150f1f892089e9f44db84acd1eb5f839441496ee4df71b4a1d82e2257 |
libtiff-devel-3.9.4-18.el6_8.s390.rpm | SHA-256: e8b4650115a237d05c5206c4c2e9ee25ba75fefa4efe376dd6e41acf20d91455 |
libtiff-devel-3.9.4-18.el6_8.s390x.rpm | SHA-256: 5bd63a1d0b9f94d796abfbd2b91d831c4a12e4c71bd975dd26cfc575e2d0bd3b |
libtiff-static-3.9.4-18.el6_8.s390x.rpm | SHA-256: 5aae6ce013de8ebc11ea03ac2685f7a5a3ec8f61e64d3c0db1d44a922f5ebd65 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.