Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1440 IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF 29 April 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM PureFlex System IBM Flex System Publisher: IBM Operating System: Network Appliance Impact/Access: Denial of Service -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-18661 CVE-2018-16429 CVE-2018-12900 CVE-2017-17942 CVE-2017-9147 CVE-2017-9117 CVE-2016-9273 CVE-2016-5319 CVE-2016-3621 CVE-2016-3620 CVE-2016-3619 CVE-2015-8870 Reference: ESB-2017.1680 ESB-2017.0304 ESB-2017.0114 ESB-2017.0534.2 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10882120 http://www.ibm.com/support/docview.wss?uid=ibm10882114 Comment: This bulletin contains two (2) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF Product: PureFlex System & Flex System Component: IBM Dynamic System Analysis (DSA) Preboot Software version: All Versions Operating system(s): Firmware Reference #: 0882120 Security Bulletin Summary IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in libTIFF. Vulnerability Details CVEID: CVE-2018-18661 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in the LZWDecode function in tif_lzw.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152035 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-12900 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 145464 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2017-9147 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an invalid read in the _TIFFVGetField function. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 127484 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2017-9117 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by the processing of BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input. By using a specially crafted BMP image, attacker could overflow a buffer in bmp2tiff and execute arbitrary code on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 126280 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2017-17942 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the function PackBitsEncode in tif_packbits.c. A local attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 5.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 136935 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2016-9273 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by tiffsplit. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and cause the application to crash. CVSS Base Score: 6.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 122213 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2016-5319 DESCRIPTION: libTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in tif_packbits.c. By persuading a victim to open a specially-crafted bmp file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 125599 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2016-3621 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the LZWEncode function in tif_lzw.c. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 112049 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2016-3620 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the ZIPEncode function in tif_zip.c. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 112048 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2016-3619 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in the bmp2tiff function DumpModeEncode. By persuading a victim to open a specially crafted BMP file, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 112019 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2015-8870 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in tools/bmp2tiff.c. By using a specially-crafted BMP file, an attacker could exploit this vulnerability to cause the a denial of service, or obtain sensitive information from the process memory. CVSS Base Score: 5.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 120073 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) Affected Products and Versions Product Affected Version IBM Dynamic System Analysis (DSA) Preboot 9.6 Remediation/Fixes Firmware fix versions are available on Fix Central: http://www.ibm.com/support/ fixcentral/ Product Fix Version IBM Dynamic System Analysis (DSA) Preboot dsyte2z-9.65 (ibm_fw_dsa_dsyte2z-9.65_anyos_32-64) Workarounds and Mitigations None Change History 23 April 2019: Initial version published ============================================================================== IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability GNU C Library (CVE-2018-16429) Product: PureFlex System & Flex System Component: IBM Dynamic System Analysis (DSA) Preboot Software version: All Versions Operating system(s): Firmware Reference #: 0882114 Security Bulletin Summary IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerability in GNU C Library. Vulnerability Details CVEID: CVE-2018-16429 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149332 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) Affected Products and Versions Product Affected Version IBM Dynamic System Analysis (DSA) Preboot 9.6 Remediation/Fixes Firmware fix versions are available on Fix Central: http://www.ibm.com/support/ fixcentral/ Product Fix Version IBM Dynamic System Analysis (DSA) Preboot dsyte2z-9.65 (ibm_fw_dsa_dsyte2z-9.65_anyos_32-64) Workarounds and Mitigations None Change History 23 April 2019: Initial version published - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXMZxlWaOgq3Tt24GAQjklhAA2NMRxDVj7A42cGI+5AUQ3C7QMbqzLUU/ /C8ItMkSjc1tTcpxLeoDcs6eIKfLudXuE0x0pxgYiBAcTTHaZwTbBv73xC68s/h8 HTa5OEdvjsc+qBs7wkdRMObkJ86shuFzPaXi/Je2JRsgcORoqE9Q9SYlj53Aw9AB P+SvrON4E8/GaMo/6NJLy6o93H88GBnhRIbdbj8L+MX/3CMRnV64b3f9LJXhNceD LfuDtL5GhrOROJoTGMslANaVel7ifslFbOPfAaoN6b28ncaPrACjX0C/p1Ydyk18 VHD3qUCs3rNg+C3a+XLkcJq3J2Dnq4MRxfznJgJESJ5TwvOt5L7HGNG+Jl/KxDhT ORScS6Ebo4fnuBLxJCFEXY8ghzXIPPBkRrn0qHaHylkJbi4ATSwWq2Wegwmqo7Q6 sOkEAgMuBx/rnC01OeOkW/GwVjpdwFv2rwYVBKWDHpqR6vz64zSGWwuukURlNBuZ sWWJwNGOVsKayhSXhE2LUQZeJtFBsp3Y6YwXP/BojlGvnCa5hKrDGE2qJkhFO4P7 OSpddAscg97ul6sA7D4p2834DSChqOlz07Hz0Hvg9Yy0FnuYuUdjO0Szj25uDz/K rtRXgoUANIsPz5OBD8CWgT8Qbs6bS6dmWFrI3E8Z66FW7i97tCAO4LIzoXq2qsgR 9XB/uCHud7M= =71zl -----END PGP SIGNATURE-----