Gentoo Linux Security Advisory 201709-27
Posted Sep 27, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201709-27 - Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in the execution of arbitrary code. Versions less than 4.0.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10267, CVE-2016-10268, CVE-2017-5225, CVE-2017-5563, CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600, CVE-2017-7601, CVE-2017-7602, CVE-2017-9403
MD5 | e3b57bec14aec9a7eeae3c7bcd071dd0

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201709-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: LibTIFF: Multiple vulnerabilities
Date: September 26, 2017
Bugs: #610330, #614020, #614022, #617996, #617998, #618610, #624602
ID: 201709-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in LibTIFF, the worst of which
could result in the execution of arbitrary code.

Background
==========

The TIFF library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE applications, to interpret TIFF images.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/tiff               < 4.0.8                   >= 4.0.8

Description
===========

Multiple vulnerabilities have been discovered in LibTIFF. Please review
the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing the user to process a specially crafted
TIFF file, could possibly execute arbitrary code with the privileges of
the process, cause a Denial of Service condition, obtain sensitive
information, or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LibTIFF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.8"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.
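
A post-upgrade check for this advisory, added here as an example (it is
not part of the GLSA or of Gentoo's tooling). It reports installed
media-libs/tiff versions below 4.0.8 and lists processes that still map
a libtiff file replaced on disk. Assumptions: the Portage installed-package
database is at /var/db/pkg, sort supports -V, and all function names are
hypothetical.

```shell
#!/bin/sh
# Added example: post-upgrade checks for GLSA 201709-27 (fixed in 4.0.8).
FIXED=4.0.8

# Return 0 (true) if Gentoo version string $1 is older than $FIXED.
tiff_is_vulnerable() {
    ver=${1%-r[0-9]*}          # drop the Gentoo revision suffix (-r1, ...)
    pre=0
    case $ver in *_alpha*|*_beta*|*_pre*|*_rc*) pre=1 ;; esac
    base=${ver%%_*}            # drop _rc1, _p2, ... keeping the dotted part
    if [ "$base" = "$FIXED" ]; then
        [ "$pre" -eq 1 ]       # a pre-release of 4.0.8 sorts before 4.0.8
        return $?
    fi
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# Print installed media-libs/tiff versions found under the VDB root $1.
installed_tiff_versions() {
    for d in "${1:-/var/db/pkg}"/media-libs/tiff-[0-9]*; do
        [ -d "$d" ] && basename "$d" | sed 's/^tiff-//'
    done
    return 0
}

# Print PIDs whose memory maps reference a libtiff file deleted on disk.
# Those processes keep running the old code until they are restarted.
stale_tiff_pids() {
    root=${1:-/proc}
    for m in "$root"/[0-9]*/maps; do
        if grep -q 'libtiff.*(deleted)' "$m" 2>/dev/null; then
            pid=${m%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Usage: report [vdb_root] [proc_root]
report() {
    for inst in $(installed_tiff_versions "$1"); do
        if tiff_is_vulnerable "$inst"; then status=VULNERABLE; else status=ok; fi
        echo "$status media-libs/tiff-$inst"
    done
    for p in $(stale_tiff_pids "$2"); do echo "restart needed: pid $p"; done
}
report "$@"
```

Run it as root so that the maps files of other users' processes are readable.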

References
==========

[ 1 ] CVE-2016-10267
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10267
[ 2 ] CVE-2016-10268
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10268
[ 3 ] CVE-2017-5225
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5225
[ 4 ] CVE-2017-5563
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5563
[ 5 ] CVE-2017-7592
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7592
[ 6 ] CVE-2017-7593
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7593
[ 7 ] CVE-2017-7594
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7594
[ 8 ] CVE-2017-7595
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7595
[ 9 ] CVE-2017-7596
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7596
[ 10 ] CVE-2017-7597
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7597
[ 11 ] CVE-2017-7598
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7598
[ 12 ] CVE-2017-7599
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7599
[ 13 ] CVE-2017-7600
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7600
[ 14 ] CVE-2017-7601
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7601
[ 15 ] CVE-2017-7602
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7602
[ 16 ] CVE-2017-9403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9403

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201709-27

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2017 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
