SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1179-1)

critical Nessus Plugin ID 109674

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for tiff fixes the following issues :

- CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107).

- CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution.
Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280).

- CVE-2017-11335: There is a heap-based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937).

- CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.' (bsc#1011845)

- CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077).

- CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)

- CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341).

- CVE-2016-5318: Stack-based buffer overflow in the
_TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436).

- CVE-2016-10095: Stack-based buffer overflow in the
_TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,).

- CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255)

- An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691).

- Fixed an invalid memory read which could lead to a crash (bsc#1017692).

- Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-tiff-13594=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-tiff-13594=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-tiff-13594=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1007280

https://bugzilla.suse.com/show_bug.cgi?id=1011107

https://bugzilla.suse.com/show_bug.cgi?id=1011845

https://bugzilla.suse.com/show_bug.cgi?id=1017688

https://bugzilla.suse.com/show_bug.cgi?id=1017690

https://bugzilla.suse.com/show_bug.cgi?id=1017691

https://bugzilla.suse.com/show_bug.cgi?id=1017692

https://bugzilla.suse.com/show_bug.cgi?id=1031255

https://bugzilla.suse.com/show_bug.cgi?id=1046077

https://bugzilla.suse.com/show_bug.cgi?id=1048937

https://bugzilla.suse.com/show_bug.cgi?id=1074318

https://bugzilla.suse.com/show_bug.cgi?id=960341

https://bugzilla.suse.com/show_bug.cgi?id=983436

https://www.suse.com/security/cve/CVE-2015-7554/

https://www.suse.com/security/cve/CVE-2016-10095/

https://www.suse.com/security/cve/CVE-2016-10268/

https://www.suse.com/security/cve/CVE-2016-3945/

https://www.suse.com/security/cve/CVE-2016-5318/

https://www.suse.com/security/cve/CVE-2016-5652/

https://www.suse.com/security/cve/CVE-2016-9453/

https://www.suse.com/security/cve/CVE-2016-9536/

https://www.suse.com/security/cve/CVE-2017-11335/

https://www.suse.com/security/cve/CVE-2017-17973/

https://www.suse.com/security/cve/CVE-2017-9935/

http://www.nessus.org/u?1e4baba2

Plugin Details

Severity: Critical

ID: 109674

File Name: suse_SU-2018-1179-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 5/10/2018

Updated: 10/10/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-9536

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libtiff3, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:tiff

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2018

Vulnerability Publication Date: 1/8/2016

Reference Information

CVE: CVE-2015-7554, CVE-2016-10095, CVE-2016-10268, CVE-2016-3945, CVE-2016-5318, CVE-2016-5652, CVE-2016-9453, CVE-2016-9536, CVE-2017-11335, CVE-2017-17973, CVE-2017-9935