ESB-2018.1914 - [Debian] TIFF: Multiple vulnerabilities 2018-07-03


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1914
                       tiff update comes to Debian 8
                                3 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           TIFF
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote with User Interaction
                   Reduced Security  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-10963 CVE-2018-8905 CVE-2018-7456
                   CVE-2018-5784 CVE-2017-18013 CVE-2017-13726
                   CVE-2017-11613  

Reference:         ESB-2018.1662
                   ESB-2018.0800

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff
Version        : 4.0.3-12.3+deb8u6
CVE ID         : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456
                 CVE-2018-8905 CVE-2018-10963
Debian Bug     : 869823 898348 890441 891288 893806

Several issues were discovered in TIFF, the Tag Image File Format
library, that allowed remote attackers to cause a denial of service or
other unspecified impact via a crafted image file.

CVE-2017-11613: DoS vulnerability
    A crafted input will lead to a denial of service attack. During the
    TIFFOpen process, td_imagelength is not checked. The value of
    td_imagelength can be directly controlled by an input file. In the
    ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc
    function is called based on td_imagelength. If the value of
    td_imagelength is set close to the amount of system memory, it will
    hang the system or trigger the OOM killer.

CVE-2018-10963: DoS vulnerability
    The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
    allows remote attackers to cause a denial of service (assertion
    failure and application crash) via a crafted file, a different
    vulnerability than CVE-2017-13726.

CVE-2018-5784: DoS vulnerability
    In LibTIFF, there is an uncontrolled resource consumption in the
    TIFFSetDirectory function of tif_dir.c. Remote attackers could
    leverage this vulnerability to cause a denial of service via a
    crafted tif file.
    This occurs because the declared number of directory entries is not
    validated against the actual number of directory entries.

CVE-2018-7456: NULL Pointer Dereference
    A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
    in tif_print.c in LibTIFF when using the tiffinfo tool to print
    crafted TIFF information, a different vulnerability than
    CVE-2017-18013. (This affects an earlier part of the
    TIFFPrintDirectory function that was not addressed by the
    CVE-2017-18013 patch.)

CVE-2018-8905: Heap-based buffer overflow
    In LibTIFF, a heap-based buffer overflow occurs in the function
    LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as
    demonstrated by tiff2ps.

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u6.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
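The two resource-exhaustion issues in the bulletin above (CVE-2017-11613, where an unchecked td_imagelength becomes the size passed to _TIFFCheckMalloc, and CVE-2018-5784, where the declared number of IFD entries is never compared with what the file actually contains) come down to one defensive pattern: every count or length read from the file is bounded against the bytes actually present, and against a policy limit, before it drives an allocation or a loop. The C program below is an added example written for this page; it is not libtiff code and not part of the Debian or AusCERT bulletin. It parses the header and first IFD of a minimal little-endian TIFF held in memory and applies those bounds. The MAX_ROWS limit, the enum names and the constructed sample files are assumptions of this example, not values taken from libtiff.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TIFF_TAG_IMAGELENGTH 257
#define TIFF_TYPE_SHORT 3
#define TIFF_TYPE_LONG  4
#define IFD_ENTRY_SIZE  12

/* Policy ceiling on rows we are willing to allocate for. Chosen for this
 * example; libtiff has no such constant. */
#define MAX_ROWS (1u << 20)

enum tiff_check {
    TIFF_OK = 0,
    TIFF_ERR_HEADER,       /* too short, wrong byte-order mark or magic */
    TIFF_ERR_IFD_OFFSET,   /* first IFD offset points outside the file */
    TIFF_ERR_IFD_COUNT,    /* declared entries do not fit in the file */
    TIFF_ERR_IMAGELENGTH   /* ImageLength missing, zero or above MAX_ROWS */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate header + first IFD of a little-endian TIFF of `len` bytes.
 * On success *rows receives ImageLength. No value read from the file is
 * used as a size or loop bound until it has been checked against `len`. */
enum tiff_check check_tiff(const uint8_t *buf, size_t len, uint32_t *rows)
{
    if (len < 8 || memcmp(buf, "II", 2) != 0 || rd16(buf + 2) != 42)
        return TIFF_ERR_HEADER;

    uint32_t ifd = rd32(buf + 4);
    /* The IFD must lie after the header and leave room for its 2-byte count. */
    if (ifd < 8 || ifd > len || len - ifd < 2)
        return TIFF_ERR_IFD_OFFSET;

    uint16_t n = rd16(buf + ifd);
    size_t avail = len - ifd - 2;
    /* CVE-2018-5784 pattern: the declared entry count is compared with the
     * bytes actually present (entries plus the 4-byte next-IFD pointer). */
    if (n == 0 || (size_t)n * IFD_ENTRY_SIZE + 4 > avail)
        return TIFF_ERR_IFD_COUNT;

    uint32_t length = 0;
    int have_length = 0;
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + (size_t)i * IFD_ENTRY_SIZE;
        uint16_t tag = rd16(e), type = rd16(e + 2);
        uint32_t count = rd32(e + 4);
        if (tag != TIFF_TAG_IMAGELENGTH || count != 1)
            continue;
        if (type == TIFF_TYPE_SHORT)      length = rd16(e + 8);
        else if (type == TIFF_TYPE_LONG)  length = rd32(e + 8);
        else                              continue;
        have_length = 1;
    }
    /* CVE-2017-11613 pattern: ImageLength is file-controlled, so it is
     * bounded here rather than handed straight to an allocator. */
    if (!have_length || length == 0 || length > MAX_ROWS)
        return TIFF_ERR_IMAGELENGTH;
    *rows = length;
    return TIFF_OK;
}

/* Constructed 38-byte sample: header, one IFD with ImageWidth (SHORT 16) and
 * ImageLength (LONG image_length). `declared` is written as the IFD entry
 * count even though only two entries are present, so callers can produce a
 * count/content mismatch for testing. */
static size_t build_tiff(uint8_t out[38], uint16_t declared, uint32_t image_length)
{
    static const uint8_t hdr[] = { 'I', 'I', 42, 0, 8, 0, 0, 0 };
    static const uint8_t e1[]  = { 0, 1, 3, 0, 1, 0, 0, 0, 16, 0, 0, 0 };
    static const uint8_t e2[]  = { 1, 1, 4, 0, 1, 0, 0, 0 };
    memcpy(out, hdr, 8);
    out[8] = (uint8_t)(declared & 0xff);
    out[9] = (uint8_t)(declared >> 8);
    memcpy(out + 10, e1, 12);
    memcpy(out + 22, e2, 8);
    for (int i = 0; i < 4; i++)
        out[30 + i] = (uint8_t)((image_length >> (8 * i)) & 0xff);
    memset(out + 34, 0, 4);   /* next IFD offset: none */
    return 38;
}

/* Build one constructed sample and run the checker over it. */
enum tiff_check run_case(uint16_t declared, uint32_t image_length, uint32_t *rows)
{
    uint8_t f[38];
    size_t n = build_tiff(f, declared, image_length);
    return check_tiff(f, n, rows);
}

int main(void)
{
    uint32_t rows = 0;
    printf("sane file:        %d (rows=%u)\n", run_case(2, 16, &rows), rows);
    printf("declared 65535:   %d\n", run_case(0xFFFF, 16, &rows));
    printf("length 0xFFFFFFF0:%d\n", run_case(2, 0xFFFFFFF0u, &rows));
    return 0;
}
```

The checker rejects the mismatch and the oversized length before any memory proportional to them would be requested, which is the property the two Debian fixes restore; a real reader would apply the same bound to every tag that later feeds a size computation, not only ImageLength.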

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
