Red Hat Product Errata RHSA-2016:1547 - Security Advisory

Issued:: 2016-08-02
Updated:: 2016-08-02

RHSA-2016:1547 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libtiff security update

Type/Severity

Security Advisory: Important

Topic

An update for libtiff is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)
Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

BZ - 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff
BZ - 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools
BZ - 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf
BZ - 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
BZ - 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
BZ - 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode
BZ - 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
BZ - 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff
BZ - 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files
BZ - 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c
BZ - 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion
BZ - 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
BZ - 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool
BZ - 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function
BZ - 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8()
BZ - 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function
BZ - 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c

CVEs

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
x86_64
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68
libtiff-static-3.9.4-18.el6_8.x86_64.rpm	SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b
i386
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-static-3.9.4-18.el6_8.i686.rpm	SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb

Red Hat Enterprise Linux Workstation 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
x86_64
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68
libtiff-static-3.9.4-18.el6_8.x86_64.rpm	SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b
i386
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-static-3.9.4-18.el6_8.i686.rpm	SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb

Red Hat Enterprise Linux Desktop 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
x86_64
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68
libtiff-static-3.9.4-18.el6_8.x86_64.rpm	SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b
i386
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-static-3.9.4-18.el6_8.i686.rpm	SHA-256: 75763e16196f534368225d4d06c06be58eac4643369877c46dd09ca9ee39f9cb

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
s390x
libtiff-3.9.4-18.el6_8.s390.rpm	SHA-256: 089b9a0a8dbb2d582155c794c75edd29970fe52bae0b4cf8180d89e4bbd408ee
libtiff-3.9.4-18.el6_8.s390x.rpm	SHA-256: 4bbdf6ca62c102d442c461019a710b00fcf3ab4e47ce2e8cc8df23cc91962ef8
libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm	SHA-256: 5522f40b8e06d97e5c3264d4da13434b456dc67031689075d5a5714679194ae9
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm	SHA-256: 8323901150f1f892089e9f44db84acd1eb5f839441496ee4df71b4a1d82e2257
libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm	SHA-256: 8323901150f1f892089e9f44db84acd1eb5f839441496ee4df71b4a1d82e2257
libtiff-devel-3.9.4-18.el6_8.s390.rpm	SHA-256: e8b4650115a237d05c5206c4c2e9ee25ba75fefa4efe376dd6e41acf20d91455
libtiff-devel-3.9.4-18.el6_8.s390x.rpm	SHA-256: 5bd63a1d0b9f94d796abfbd2b91d831c4a12e4c71bd975dd26cfc575e2d0bd3b
libtiff-static-3.9.4-18.el6_8.s390x.rpm	SHA-256: 5aae6ce013de8ebc11ea03ac2685f7a5a3ec8f61e64d3c0db1d44a922f5ebd65

Red Hat Enterprise Linux for Power, big endian 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
ppc64
libtiff-3.9.4-18.el6_8.ppc.rpm	SHA-256: 672edf0159917b513b502f5ac9fc2d806551f87d514ed10193108e138883d117
libtiff-3.9.4-18.el6_8.ppc64.rpm	SHA-256: 4b123def1d5c0caac7fd474d5e1e13f2567224955a5e85b3b38bc50e418ac589
libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm	SHA-256: 3928b1111d6381a4b7ecf67e683e25bf195f7c41aaedf34fa574ff1cb433386f
libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm	SHA-256: 4ca1ed81d7a380737f27f24ff64ac14d4c86bd88853844882f16794e97fac005
libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm	SHA-256: 4ca1ed81d7a380737f27f24ff64ac14d4c86bd88853844882f16794e97fac005
libtiff-devel-3.9.4-18.el6_8.ppc.rpm	SHA-256: 41c57785fed0505162e350fa7bddc123abc6ba7c47653424be786507c422885c
libtiff-devel-3.9.4-18.el6_8.ppc64.rpm	SHA-256: f96e5733b171b915441124c6292377cc7aabbfcde6afec14f0ecd4c20cc0cf41
libtiff-static-3.9.4-18.el6_8.ppc64.rpm	SHA-256: 12550d587b045e044a62394df207401fbdbf2c54f24484a9ac3c4be2b0cfbd24

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
libtiff-3.9.4-18.el6_8.src.rpm	SHA-256: 01f51ba7654d9d86c29dfeb4901a2475b92019c557f40427b4198c62ecb37d06
x86_64
libtiff-3.9.4-18.el6_8.i686.rpm	SHA-256: b0f900cfd24ad503ffd567e012cd0bc604bccd04e879cef075e52a3aadb81adc
libtiff-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 5b2cb1d62422bc905af65055fec52a38f72e57872558510b916ba8d939fbfdce
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm	SHA-256: 11c1014448cc970f15064659223e59323dd51cf278e9d27c94a6fe1e50858f32
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2571fec54c626161ba3519f329aa4c6a1cc8e7dcd84c7e235b6c67859c6b40a5
libtiff-devel-3.9.4-18.el6_8.i686.rpm	SHA-256: aa73cc54c65fb4fdd19073eda55e05e7bb7036bc804dc1de742cdd3922f831d1
libtiff-devel-3.9.4-18.el6_8.x86_64.rpm	SHA-256: 2642efecc7864cc0b3c6d7842847576c2f03817a3f0a9be99ca22f97677b1e68
libtiff-static-3.9.4-18.el6_8.x86_64.rpm	SHA-256: fb99e5415bb108965f4c7518f154ab318073e4aed1b66a07ed5426b2915aab3b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories