Lucene search

Gentoo FoundationMGASA-2016-0405

HistoryNov 28, 2016 - 3:13 a.m.

Updated libtiff packages fix security vulnerability

2016-11-2803:13:28

Gentoo Foundation

advisories.mageia.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

The updated packages fix: - A regression introduced by the fix for CVE-2016-9297 (CVE-2016-9448). - An out-of-bounds Write memcpy and less bound check in tiff2pdf (CVE-2016-9453).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchlibtiff< 4.0.7-1libtiff-4.0.7-1.mga5

OS	Version	Architecture	Package	Version	Filename
Mageia	5	noarch	libtiff	< 4.0.7-1	libtiff-4.0.7-1.mga5

References

openwall.com/lists/oss-security/2016/11/18/11

openwall.com/lists/oss-security/2016/11/18/15

openwall.com/lists/oss-security/2016/11/18/4

openwall.com/lists/oss-security/2016/11/19/1

bugs.mageia.org/show_bug.cgi?id=19813

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Related for MGASA-2016-0405