Security Advisory Details

NS-SA-2019-0227

2019-12-27 14:15:31

Summary

moderate: libjpeg-turbo/libtiff security update

Severity

moderate

Topic

An update for libjpeg-turbo/libtiff is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

libjpeg-turbo: The turbojpeg package contains the TurboJPEG shared library.
libtiff: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if you need to manipulate TIFF format image files.


Security Fix(es):
libjpeg-turbo: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. (CVE-2016-3616)
libjpeg-turbo: 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. (CVE-2018-11813)
libjpeg-turbo: An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service. (CVE-2018-11213)
libjpeg-turbo: An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service. (CVE-2018-11214)
libjpeg-turbo: A divide-by-zero vulnerability has been discovered in libjpeg-turbo in the alloc_sarray function of the jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file. (CVE-2018-11212)
libjpeg-turbo: _8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries. (CVE-2018-14498)
libjpeg-turbo: bugfix
libtiff: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186)
libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. (CVE-2018-12900)
libtiff: The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (CVE-2018-10963)
libtiff: An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause a denial of service. (CVE-2018-10779)
libtiff: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905)
libtiff: A NULL pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) (CVE-2018-7456)
libtiff: An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (CVE-2018-17100)
libtiff: An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (CVE-2018-17101)
libtiff: LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. (CVE-2018-18557)
libtiff: An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. (CVE-2018-18661)
libtiff: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F7.

Affected Components

  • libjpeg-turbo
  • libtiff

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

CGSL MAIN 5.05

Source: libjpeg-turbo-1.2.90-8.el7.src.rpm
  • turbojpeg-1.2.90-8.el7.x86_64.rpm
  • turbojpeg-devel-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm

Source: libtiff-4.0.3-32.el7.src.rpm
  • libtiff-4.0.3-32.el7.x86_64.rpm
  • libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm
  • libtiff-devel-4.0.3-32.el7.x86_64.rpm
  • libtiff-static-4.0.3-32.el7.x86_64.rpm
  • libtiff-tools-4.0.3-32.el7.x86_64.rpm

CGSL CORE 5.05

Source: libjpeg-turbo-1.2.90-8.el7.src.rpm
  • turbojpeg-1.2.90-8.el7.x86_64.rpm
  • turbojpeg-devel-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-debuginfo-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-devel-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-static-1.2.90-8.el7.x86_64.rpm
  • libjpeg-turbo-utils-1.2.90-8.el7.x86_64.rpm

Source: libtiff-4.0.3-32.el7.src.rpm
  • libtiff-4.0.3-32.el7.x86_64.rpm
  • libtiff-debuginfo-4.0.3-32.el7.x86_64.rpm
  • libtiff-devel-4.0.3-32.el7.x86_64.rpm
  • libtiff-static-4.0.3-32.el7.x86_64.rpm
  • libtiff-tools-4.0.3-32.el7.x86_64.rpm
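To confirm a host carries the fixed builds listed in this advisory, the following added example (not part of the original advisory or NewStart tooling) audits the output of `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`. The comparison is a simplified form of RPM's version ordering that ignores epochs and `~`/`^` markers; the `audit` helper and the sample lines are assumptions constructed for illustration.

```python
import re

# Fixed builds from this advisory's package list: name -> (version, release).
FIXED = {}
for _n in ("turbojpeg", "turbojpeg-devel", "libjpeg-turbo", "libjpeg-turbo-devel",
           "libjpeg-turbo-static", "libjpeg-turbo-utils", "libjpeg-turbo-debuginfo"):
    FIXED[_n] = ("1.2.90", "8.el7")
for _n in ("libtiff", "libtiff-devel", "libtiff-static", "libtiff-tools",
           "libtiff-debuginfo"):
    FIXED[_n] = ("4.0.3", "32.el7")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare digit/alpha segments left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment sorts newer
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(lines):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[0] not in FIXED:
            continue                          # not covered by this advisory
        name, ver, rel = parts
        fver, frel = FIXED[name]
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            findings.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return findings

# Constructed sample of "NAME VERSION RELEASE" lines (not from a real host).
SAMPLE = [
    "libjpeg-turbo 1.2.90 5.el7",
    "turbojpeg 1.2.90 8.el7",
    "libtiff 4.0.3 32.el7",
    "libtiff-tools 4.0.3 27.el7_3",
    "openssl 1.0.2k 19.el7",
]

if __name__ == "__main__":
    for name, have, need in audit(SAMPLE):
        print(f"{name}: installed {have}, needs >= {need}")
```
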

CVE

References