Test ID:	1.3.6.1.4.1.25623.1.0.882532
Category:	CentOS Local Security Checks
Title:	CentOS Update for libtiff CESA-2016:1546 centos7
Summary:	Check the version of libtiff
Description:	Summary: Check the version of libtiff Vulnerability Insight: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) Affected Software/OS: libtiff on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8127 1032760 http://www.securitytracker.com/id/1032760 72323 http://www.securityfocus.com/bid/72323 DSA-3273 http://www.debian.org/security/2015/dsa-3273 GLSA-201701-16 https://security.gentoo.org/glsa/201701-16 RHSA-2016:1546 http://rhn.redhat.com/errata/RHSA-2016-1546.html RHSA-2016:1547 http://rhn.redhat.com/errata/RHSA-2016-1547.html [oss-security] 20150124 Multiple vulnerabilities in LibTIFF and associated tools http://www.openwall.com/lists/oss-security/2015/01/24/15 http://bugzilla.maptools.org/show_bug.cgi?id=2484 http://bugzilla.maptools.org/show_bug.cgi?id=2485 http://bugzilla.maptools.org/show_bug.cgi?id=2486 http://bugzilla.maptools.org/show_bug.cgi?id=2496 http://bugzilla.maptools.org/show_bug.cgi?id=2497 http://bugzilla.maptools.org/show_bug.cgi?id=2500 http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt openSUSE-SU-2015:0450 http://lists.opensuse.org/opensuse-updates/2015-03/msg00022.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8129 72352 http://www.securityfocus.com/bid/72352 APPLE-SA-2015-06-30-1 http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html APPLE-SA-2015-06-30-2 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html https://www.debian.org/security/2015/dsa-3273 http://openwall.com/lists/oss-security/2015/01/24/15 http://bugzilla.maptools.org/show_bug.cgi?id=2487 http://bugzilla.maptools.org/show_bug.cgi?id=2488 http://support.apple.com/kb/HT204941 http://support.apple.com/kb/HT204942 http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt https://bugzilla.redhat.com/show_bug.cgi?id=1185815 Common Vulnerability Exposure (CVE) ID: CVE-2014-8130 72353 http://www.securityfocus.com/bid/72353 http://bugzilla.maptools.org/show_bug.cgi?id=2483 http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt https://bugzilla.redhat.com/show_bug.cgi?id=1185817 https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543 Common Vulnerability Exposure (CVE) ID: CVE-2014-9330 BugTraq ID: 71789 http://www.securityfocus.com/bid/71789 Debian Security Information: DSA-3273 (Google Search) http://seclists.org/fulldisclosure/2014/Dec/97 RedHat Security Advisories: RHSA-2016:1546 RedHat Security Advisories: RHSA-2016:1547 http://www.securitytracker.com/id/1031442 Common Vulnerability Exposure (CVE) ID: CVE-2014-9655 Debian Security Information: DSA-3467 (Google Search) http://www.debian.org/security/2016/dsa-3467 http://openwall.com/lists/oss-security/2015/02/07/5 Common Vulnerability Exposure (CVE) ID: CVE-2015-1547 BugTraq ID: 73438 http://www.securityfocus.com/bid/73438 http://openwall.com/lists/oss-security/2015/01/24/16 Common Vulnerability Exposure (CVE) ID: CVE-2015-7554 20151226 libtiff: invalid write (CVE-2015-7554) http://seclists.org/fulldisclosure/2015/Dec/119 http://www.securityfocus.com/archive/1/537205/100/0/threaded 79699 http://www.securityfocus.com/bid/79699 [oss-security] 20151226 libtiff: invalid write (CVE-2015-7554) http://www.openwall.com/lists/oss-security/2015/12/26/7 http://packetstormsecurity.com/files/135078/libtiff-4.0.6-Invalid-Write.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html openSUSE-SU-2016:0212 http://lists.opensuse.org/opensuse-updates/2016-01/msg00078.html openSUSE-SU-2016:0215 http://lists.opensuse.org/opensuse-updates/2016-01/msg00081.html openSUSE-SU-2016:0252 http://lists.opensuse.org/opensuse-updates/2016-01/msg00100.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8665 BugTraq ID: 79728 http://www.securityfocus.com/bid/79728 http://www.openwall.com/lists/oss-security/2015/12/24/2 http://www.openwall.com/lists/oss-security/2015/12/24/4 http://www.securitytracker.com/id/1035508 http://www.ubuntu.com/usn/USN-2939-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8668 Bugtraq: 20151228 libtiff bmp file Heap Overflow (CVE-2015-8668) (Google Search) http://www.securityfocus.com/archive/1/537208/100/0/threaded http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8683 BugTraq ID: 79718 http://www.securityfocus.com/bid/79718 http://www.openwall.com/lists/oss-security/2015/12/25/1 http://www.openwall.com/lists/oss-security/2015/12/26/1 Common Vulnerability Exposure (CVE) ID: CVE-2015-8781 BugTraq ID: 81730 http://www.securityfocus.com/bid/81730 http://www.openwall.com/lists/oss-security/2016/01/24/3 http://www.openwall.com/lists/oss-security/2016/01/24/7 SuSE Security Announcement: openSUSE-SU-2016:0405 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00058.html SuSE Security Announcement: openSUSE-SU-2016:0414 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00064.html Common Vulnerability Exposure (CVE) ID: CVE-2015-8782 Common Vulnerability Exposure (CVE) ID: CVE-2015-8783 Common Vulnerability Exposure (CVE) ID: CVE-2015-8784 BugTraq ID: 81696 http://www.securityfocus.com/bid/81696 http://www.openwall.com/lists/oss-security/2016/01/24/4 http://www.openwall.com/lists/oss-security/2016/01/24/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-3632 BugTraq ID: 85953 http://www.securityfocus.com/bid/85953 BugTraq ID: 85960 http://www.securityfocus.com/bid/85960 http://www.openwall.com/lists/oss-security/2016/04/08/9 Common Vulnerability Exposure (CVE) ID: CVE-2016-3945 Debian Security Information: DSA-3762 (Google Search) http://www.debian.org/security/2017/dsa-3762 http://www.openwall.com/lists/oss-security/2016/04/08/6 SuSE Security Announcement: openSUSE-SU-2016:2275 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2016-3990 BugTraq ID: 86000 http://www.securityfocus.com/bid/86000 http://www.openwall.com/lists/oss-security/2016/04/12/2 Common Vulnerability Exposure (CVE) ID: CVE-2016-3991 BugTraq ID: 85996 http://www.securityfocus.com/bid/85996 http://www.openwall.com/lists/oss-security/2016/04/12/3 Common Vulnerability Exposure (CVE) ID: CVE-2016-5320
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.