-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1914
                     tiff update comes to Debian 8
                               3 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           TIFF
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
                   Reduced Security  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10963 CVE-2018-8905 CVE-2018-7456 CVE-2018-5784
                   CVE-2017-18013 CVE-2017-13726 CVE-2017-11613
Reference:         ESB-2018.1662
                   ESB-2018.0800

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff
Version        : 4.0.3-12.3+deb8u6
CVE ID         : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456 CVE-2018-8905
                 CVE-2018-10963
Debian Bug     : 869823 898348 890441 891288 893806

Several issues were discovered in TIFF, the Tag Image File Format library,
that allowed remote attackers to cause a denial of service or other
unspecified impact via a crafted image file.

CVE-2017-11613: DoS vulnerability

    A crafted input will lead to a denial of service attack. During the
    TIFFOpen process, td_imagelength is not checked. The value of
    td_imagelength can be directly controlled by an input file. In the
    ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function
    is called based on td_imagelength. If the value of td_imagelength is
    set close to the amount of system memory, it will hang the system or
    trigger the OOM killer.
CVE-2018-10963: DoS vulnerability

    The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
    allows remote attackers to cause a denial of service (assertion
    failure and application crash) via a crafted file, a different
    vulnerability than CVE-2017-13726.

CVE-2018-5784: DoS vulnerability

    In LibTIFF, there is an uncontrolled resource consumption in the
    TIFFSetDirectory function of tif_dir.c. Remote attackers could
    leverage this vulnerability to cause a denial of service via a
    crafted tif file. This occurs because the declared number of
    directory entries is not validated against the actual number of
    directory entries.

CVE-2018-7456: NULL Pointer Dereference

    A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
    in tif_print.c in LibTIFF when using the tiffinfo tool to print
    crafted TIFF information, a different vulnerability than
    CVE-2017-18013. (This affects an earlier part of the
    TIFFPrintDirectory function that was not addressed by the
    CVE-2017-18013 patch.)

CVE-2018-8905: Heap-based buffer overflow

    In LibTIFF, a heap-based buffer overflow occurs in the function
    LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated
    by tiff2ps.

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u6.

We recommend that you upgrade your tiff packages.
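CVE-2018-5784 above is attributed to the declared number of directory entries not being validated against what the file actually contains, and CVE-2017-11613 to a header-controlled value driving an allocation unchecked. The following is an added example, not code from the advisory or from libtiff, of the kind of bounds check a TIFF reader needs: a small Python validator that walks the IFD chain of a TIFF and rejects any directory whose declared entry count does not fit in the remaining bytes. It goes slightly beyond the advisory by also rejecting a next-IFD offset that loops back on itself. The sample TIFF files are constructed inline; the helper and class names are this example's own.

```python
import struct

# Constructed sample data (not from the advisory). A minimal little-endian TIFF
# consists of an 8-byte header followed by one IFD: a 2-byte entry count,
# count * 12-byte entries, and a 4-byte offset to the next IFD (0 = none).

def build_tiff(declared_entries, real_entries):
    """Build a minimal little-endian TIFF whose first IFD declares
    `declared_entries` entries but only carries `real_entries` records."""
    header = b"II" + struct.pack("<H", 42) + struct.pack("<I", 8)
    ifd = struct.pack("<H", declared_entries)
    # Entries: ImageWidth (256) and ImageLength (257), type SHORT (3), count 1,
    # value 1 stored left-justified in the 4-byte value field.
    for tag in (256, 257)[:real_entries]:
        ifd += struct.pack("<HHI", tag, 3, 1) + struct.pack("<HH", 1, 0)
    ifd += struct.pack("<I", 0)  # next-IFD offset: end of chain
    return header + ifd

GOOD_TIFF = build_tiff(2, 2)          # consistent: 2 declared, 2 present
BAD_TIFF = build_tiff(60000, 2)       # declares far more entries than exist
LOOP_TIFF = GOOD_TIFF[:-4] + struct.pack("<I", 8)  # next IFD points at itself


class TiffError(ValueError):
    """Raised when the IFD chain is inconsistent with the file contents."""


def walk_ifds(data, max_ifds=64):
    """Walk the IFD chain, checking each declared entry count against the
    bytes actually present. Returns a list of (offset, entry_count)."""
    if len(data) < 8:
        raise TiffError("file shorter than the 8-byte TIFF header")
    order = data[:2]
    if order == b"II":
        endian = "<"
    elif order == b"MM":
        endian = ">"
    else:
        raise TiffError("unknown byte-order mark %r" % order)
    magic, first_ifd = struct.unpack(endian + "HI", data[2:8])
    if magic != 42:
        raise TiffError("bad magic number %d" % magic)

    seen = set()
    ifds = []
    offset = first_ifd
    while offset != 0:
        if offset in seen:
            raise TiffError("IFD chain loops back to offset %d" % offset)
        if len(ifds) >= max_ifds:
            raise TiffError("more than %d IFDs in chain" % max_ifds)
        if offset + 2 > len(data):
            raise TiffError("IFD offset %d is past end of file" % offset)
        (count,) = struct.unpack(endian + "H", data[offset:offset + 2])
        # This is the check the advisory describes as missing: the declared
        # count must fit in the bytes that remain, including the next-IFD field.
        needed = offset + 2 + 12 * count + 4
        if needed > len(data):
            raise TiffError(
                "IFD at %d declares %d entries but only %d bytes remain"
                % (offset, count, len(data) - offset - 2))
        seen.add(offset)
        ifds.append((offset, count))
        (offset,) = struct.unpack(endian + "I", data[needed - 4:needed])
    return ifds


def is_well_formed(data):
    """True if every IFD in the file fits within the file's bounds."""
    try:
        walk_ifds(data)
        return True
    except TiffError:
        return False


if __name__ == "__main__":
    for name, blob in (("good", GOOD_TIFF), ("bad", BAD_TIFF), ("loop", LOOP_TIFF)):
        try:
            print(name, walk_ifds(blob))
        except TiffError as exc:
            print(name, "rejected:", exc)
```

Only the directory structure is checked here; a reader that goes on to allocate based on tag values such as ImageLength needs an equivalent sanity bound on those values before the allocation, which is the second half of what CVE-2017-11613 describes.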
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAls6O4dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ6AhAAh8ft5iIBkGbNw6oaijIXkD7q03dNdrLykXKiAotg5VYxO8aOV1gFdsw8
f/c1F4wUhaTnxv1AIAPzYbJPezt7wuihlQ3JkdjZuIaUS+30b9+ytPlYI5+4irao
kQQQklI1cG8z0MHPp7KXmy7cHAKtsSJ6IP9T8InWWSz3FQZBi+Z3bCy9Qk7XK91R
wj4c1cgzV0C/tRfErbAMJBW7e/pf+IlS7t+tSmL4OergLLoSr6a+eXXgE3kkoGWd
quKB+7qh6IbBVUBm001AS5cT7VdxAAqemjk13uOuekyOItsxDblCST2WgfVdCv8R
Bh+jWqte6Su/aXp986IZLAey+METNJK81KD6aNcIsrlJO4H+5Yr3n1+V+ggdYgZz
Y+sxEnMv1fo1PI1dmPSrrEmS+NZ0IeguuZ8Pc/XLw9YlIHjuWM4zpU6mM4qWEFUq
q49UqFjWcqV/K+0FPJRkOidsXZo7+YmGaIUO5xi07U7EZVWM4z7hLYl528wX6D06
8VdVvqFfA4/xsjcsasExDXubdWzFf/Aj9XJVh5DCZNjzST3s1QRtLV8uuvGVhKQc
f0vj7ai6KzwfMfLUXadKvUakKmXR96EW3BidIyQUxNTgAX0lKvobCBm4KATqOfDl
9rTPQdhRIBbV8B/XyvPGRI/gHuumyK95HGyoKit0ppRo5DrRdvA=
=nbS2
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWzrMO2aOgq3Tt24GAQhcaQ/+JIcZoOUXCqltfzOYlj9hsSRPtdSlscey
euzgy3LNgptiIAvRd/On/3LzFCVe45M/LJDYjr07PEQxWkAIOgIOIb2TnA8mQysL
boh84CVw7RnyUUqVsboghG5rC5YnL8Wy+GJXMypRAiqz/jl3MLjd4g7mAYqC15MJ
qcoE2GKUxVLr/7efbzObEUNVGTjOAKakpsezNGWc84I/jw1hDmZeECIg1FKcXO2v
1zRAlQzjSi10E7YVH1ZYq3nZqcI8zpo1vHGTlZZqgI2BR0AhV6I65OP8delZjL8O
0TzCxnL9tXJJySLYbIlUMSb8YNSXYkDQFxMqELyiZocbFSZHFQ4c8Tx8cCrkVBQC
NIctg0LVSlwUe+ziBVvVOkZ0SNP4ZbGS0xjKlNUQltTkAKXCd3KseMkmqZmaM1MU
xOBB+7uDwcI8xPXRevoOEJwtm6xgY/whmUUSsurgZZoVBx7oimMn8TyLG/xMIFW9
nf7Kv3RKY77snYuxCwKZaCfzy3VA/u0TZXQeo3wSQR7jhH3YRory93w+YLp4qBZR
4NtCI9I/deMnmiPSe6tfxDhezM85a4q1bZD+xVnBJy+XnFoeUymUGYQe6d6Z02jR
0WjNLqjE9Kz78pj+Ma45b1atlw9J1IgYtUeytaAku7pOca66SEl3zHMqXD/BPqqI
TdntdSplBXs=
=BAGb
-----END PGP SIGNATURE-----