ID

VAR-201803-0099

CVE

CVE-2014-8130

TITLE

LibTIFF Vulnerable to division by zero

DESCRIPTION

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither. LibTIFF Contains a vulnerability related to division by zero.Service operation interruption (DoS) There is a possibility of being put into a state. LibTIFF is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. A denial of service vulnerability exists in Silicon Graphics LibTiff prior to 4.0.3. ============================================================================ Ubuntu Security Notice USN-2553-2 April 01, 2015 tiff regression ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: USN-2553-1 introduced a regression in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available. We apologize for the inconvenience. Original advisory details: William Robinet discovered that LibTIFF incorrectly handled certain malformed images. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.2 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.3 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.8 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.16 In general, a standard system update will make all the necessary changes. Update: Packages for Mandriva Business Server 1 are now being provided. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: f8727a71ac4ec2d7d4f1b633d6953822 mbs1/x86_64/lib64tiff5-4.0.4-0.1.mbs1.x86_64.rpm 32cdb5ebbe9aa26837e492bbc226f6eb mbs1/x86_64/lib64tiff-devel-4.0.4-0.1.mbs1.x86_64.rpm 917c2cf43c35469c768e62f9b670efd0 mbs1/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs1.x86_64.rpm 36ff180f975358b530230a3c0bf6ee64 mbs1/x86_64/libtiff-progs-4.0.4-0.1.mbs1.x86_64.rpm abad0883b65d252bd62ca2ea163a0754 mbs1/SRPMS/libtiff-4.0.4-0.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-06-30-1 iOS 8.4 iOS 8.4 is now available and addresses the following: Application Store Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app may prevent apps from launching Description: An issue existed in the install logic for universal provisioning profile apps, which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking. CVE-ID CVE-2015-3722 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc. Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may be able to intercept network traffic Description: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. Further details are available at https://support.apple.com/en-us/HT204938 Certificate Trust Policy Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT204132 CFNetwork HTTPAuthentication Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Following a maliciously crafted URL may lead to arbitrary code execution Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed with improved memory handling. CVE-ID CVE-2015-3684 : Apple CoreGraphics Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of ICC profiles. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3723 : chaithanya (SegFault) working with HP's Zero Day Initiative CVE-2015-3724 : WanderingGlitch of HP's Zero Day Initiative CoreText Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-1157 CVE-2015-3685 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3689 : Apple coreTLS Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits. CVE-ID CVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck DiskImages Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management. CVE-ID CVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative FontParser Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of font files. These issues were addressed through improved input validation. CVE-ID CVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of .tiff files. This issue was addressed with improved bounds checking. CVE-ID CVE-2015-3703 : Apple ImageIO Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities exist in libtiff, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4. CVE-ID CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 Kernel Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-3721 : Ian Beer of Google Project Zero Mail Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewed Description: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content. CVE-ID CVE-2015-3710 : Aaron Sigel of vtty.com, Jan Soucek MobileInstallation Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious universal provisioning profile app can prevent a Watch app from launching Description: An issue existed in the install logic for universal provisioning profile apps on the Watch which allowed a collision to occur with existing bundle IDs. This issue was addressed through improved collision checking. CVE-ID CVE-2015-3725 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei from FireEye, Inc. Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may compromise user information on the filesystem Description: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management. CVE-ID CVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP's Zero Day Initiative Safari Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to account takeover Description: An issue existed where Safari would preserve the Origin request header for cross-origin redirects, allowing malicious websites to circumvent CSRF protections. The issue was addressed through improved handling of redirects. CVE-ID CVE-2015-3658 : Brad Hill of Facebook Security Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. This issue was addressed through improved validity checking. CVE-ID CVE-2013-1741 SQLite Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative Telephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Maliciously crafted SIM cards may lead to arbitrary code execution Description: Multiple input validation issues existed in the parsing of SIM/UIM payloads. These issues were addressed through improved payload validation. CVE-ID CVE-2015-3726 : Matt Spisak of Endgame WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing Description: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence. CVE-ID CVE-2015-1156 : Zachary Durber of Moodle WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1152 : Apple CVE-2015-1153 : Apple WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution Description: An insufficient comparison issue existed in SQLite authorizer which allowed invocation of arbitrary SQL functions. This issue was addressed with improved authorization checks. CVE-ID CVE-2015-3659 : Peter Rutenbar working with HP's Zero Day Initiative WebKit Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A maliciously crafted website can access the WebSQL databases of other websites Description: An issue existed in the authorization checks for renaming WebSQL tables which could have allowed a maliciously crafted website to access databases belonging to other websites. This was addressed through improved authorization checks. CVE-ID CVE-2015-3727 : Peter Rutenbar working with HP's Zero Day Initiative WiFi Connectivity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: iOS devices may auto-associate with untrusted access points advertising a known ESSID but with a downgraded security type Description: An insufficient comparison issue existed in WiFi manager's evaluation of known access point advertisements. This issue was addressed through improved matching of security parameters. CVE-ID CVE-2015-3728 : Brian W. Gray of Carnegie Mellon University, Craig Young from TripWire Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "8.4". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVkr+6AAoJEBcWfLTuOo7tfDwP/1db2KLgQP+Pyb6av5awgS4m hQul1ihU0JO8jAI2ww345v6jMFq7MIAs82DobbRwqtI97aTep5bieqr5qUautlFz NtC4VQ5PsAyEoTo0cOSpvFOV3av6BdwFeNTI4w39n+bvKn6YUSJD0zswknUtI/G7 lpFx/KxvKBkXBhWWCg3cyVlo3Jap88svlyh9MZ+C0BYFyjZ+ZjYMlDZ6FdzRyBxI 4RHaXUFrtMQk3JAeIadSbevOH2mUwlCB9vDmFOC5BFTrMYV8nd3gyXMy924wLQli l3gtx+Kgq3+i71Zay7HGmshv06vZop8X82fC/lNZmTQFfNABLLug0ve0tLH9+IRm 516Yb4UxUZ51Pnhbv1wvwqATGoJpK4oFXHsTx0rCVpkcxGMLmeYRyaxQYBUzh+ns +9tcuqIBsvVudY8LGAF4yUxkmt2K5N6mqu9x+KqVmiI9M7DbBoc+AUNVJpoiEGmt qB/eqkpGYKvHal3UEV6P3sSM3gBrzb5aFYNa8R31/cE8U+INeKTwd99KNoixJa9y /rNOSnuwKsuD33NFUpOJo/MW70ts3BrjN8eIvtnZ7/GHVljkQde7LCCJ2k2iQWTW lp+C5jWsR/2qXoCkG1p2oipBP/2OKo9wRzklkOo+1LJiWY18r/FlRMWqfkFUyMrK +NEpxWhe8ytzIFIkrXDt =iv++ -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1547-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1547.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm ppc64: libtiff-3.9.4-18.el6_8.ppc.rpm libtiff-3.9.4-18.el6_8.ppc64.rpm libtiff-debuginfo-3.9.4-18.el6_8.ppc.rpm libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm libtiff-devel-3.9.4-18.el6_8.ppc.rpm libtiff-devel-3.9.4-18.el6_8.ppc64.rpm s390x: libtiff-3.9.4-18.el6_8.s390.rpm libtiff-3.9.4-18.el6_8.s390x.rpm libtiff-debuginfo-3.9.4-18.el6_8.s390.rpm libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm libtiff-devel-3.9.4-18.el6_8.s390.rpm libtiff-devel-3.9.4-18.el6_8.s390x.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm ppc64: libtiff-debuginfo-3.9.4-18.el6_8.ppc64.rpm libtiff-static-3.9.4-18.el6_8.ppc64.rpm s390x: libtiff-debuginfo-3.9.4-18.el6_8.s390x.rpm libtiff-static-3.9.4-18.el6_8.s390x.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: libtiff-3.9.4-18.el6_8.src.rpm i386: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-3.9.4-18.el6_8.i686.rpm libtiff-3.9.4-18.el6_8.x86_64.rpm libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-devel-3.9.4-18.el6_8.i686.rpm libtiff-devel-3.9.4-18.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: libtiff-debuginfo-3.9.4-18.el6_8.i686.rpm libtiff-static-3.9.4-18.el6_8.i686.rpm x86_64: libtiff-debuginfo-3.9.4-18.el6_8.x86_64.rpm libtiff-static-3.9.4-18.el6_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

lack of information

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

William Robinet and american fuzzy lop

SOURCES

LAST UPDATE DATE

2024-11-11T22:33:08.723000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE