Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2016-911.NASL
HistoryJul 28, 2016 - 12:00 a.m.

openSUSE Security Update : tiff (openSUSE-2016-911)

2016-07-2800:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

This update for tiff fixes the following issues :

Security issues fixed :

  • CVE-2016-5314: Fixed an out-of-bounds write in PixarLogDecode() function (boo#984831)

  • CVE-2016-5316: Fixed an out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (boo#984837)

  • CVE-2016-5317: Fixed an out-of-bounds write in PixarLogDecode() function in libtiff.so (boo#984842)

  • CVE-2016-5320: Fixed an out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (boo#984808)

  • CVE-2016-5875: Fixed a heap-based buffer overflow when using the PixarLog compressionformat (boo#987351)

Bugs fixed :

  • boo#964225: Fixed writes for invalid images (upstream bug #2522)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-911.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(92597);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-5314", "CVE-2016-5316", "CVE-2016-5317", "CVE-2016-5320", "CVE-2016-5875");

  script_name(english:"openSUSE Security Update : tiff (openSUSE-2016-911)");
  script_summary(english:"Check for the openSUSE-2016-911 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for tiff fixes the following issues :

Security issues fixed :

  - CVE-2016-5314: Fixed an out-of-bounds write in
    PixarLogDecode() function (boo#984831)

  - CVE-2016-5316: Fixed an out-of-bounds read in
    PixarLogCleanup() function in tif_pixarlog.c
    (boo#984837)

  - CVE-2016-5317: Fixed an out-of-bounds write in
    PixarLogDecode() function in libtiff.so (boo#984842)

  - CVE-2016-5320: Fixed an out-of-bounds write in
    PixarLogDecode() function in tif_pixarlog.c (boo#984808)

  - CVE-2016-5875: Fixed a heap-based buffer overflow when
    using the PixarLog compressionformat (boo#987351)

Bugs fixed :

  - boo#964225: Fixed writes for invalid images (upstream
    bug #2522)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=964225"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984808"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984837"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984842"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=987351"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected tiff packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"libtiff-devel-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libtiff5-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libtiff5-debuginfo-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tiff-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tiff-debuginfo-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"tiff-debugsource-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libtiff-devel-32bit-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libtiff5-32bit-4.0.6-10.26.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libtiff5-debuginfo-32bit-4.0.6-10.26.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc");
}
VendorProductVersionCPE
novellopensuselibtiff-develp-cpe:/a:novell:opensuse:libtiff-devel
novellopensuselibtiff-devel-32bitp-cpe:/a:novell:opensuse:libtiff-devel-32bit
novellopensuselibtiff5p-cpe:/a:novell:opensuse:libtiff5
novellopensuselibtiff5-32bitp-cpe:/a:novell:opensuse:libtiff5-32bit
novellopensuselibtiff5-debuginfop-cpe:/a:novell:opensuse:libtiff5-debuginfo
novellopensuselibtiff5-debuginfo-32bitp-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit
novellopensusetiffp-cpe:/a:novell:opensuse:tiff
novellopensusetiff-debuginfop-cpe:/a:novell:opensuse:tiff-debuginfo
novellopensusetiff-debugsourcep-cpe:/a:novell:opensuse:tiff-debugsource
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

redhatcve 5
nessus 30
freebsd 1
openvas 20
debian 3
osv 6
ubuntucve 4
prion 6
alpinelinux 5
cve 6
f5 1
debiancve 3
veracode 2
mageia 1
seebug 1
talos 1
threatpost 1
cloudfoundry 1
ubuntu 1
archlinux 2
gentoo 1
amazon 2
kitploit 1
slackware 1
rosalinux 1
suse 1
ibm 2
centos 2
redhat 2
oraclelinux 2
redhatcve
redhatcve
CVE-2016-5875
2016-10-28 07:47:23
CVE-2016-5320
2016-06-15 08:18:35
CVE-2016-5316
2016-06-15 08:19:06
nessus
nessus
FreeBSD : tiff -- buffer overflow (0ab66088-4aa5-11e6-a7bd-14dae9d210b8)
2016-07-18 00:00:00
openSUSE Security Update : tiff (openSUSE-2016-1089)
2016-09-19 00:00:00
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2271-1)
2016-09-12 00:00:00
freebsd
freebsd
tiff -- buffer overflow
2016-06-28 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2271-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2527-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-606-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 606-1] tiff security update
2016-08-30 22:21:03
[SECURITY] [DLA 610-1] tiff3 security update
2016-09-04 22:05:02
[SECURITY] [DSA 3762-1] tiff security update
2017-01-13 15:45:41
osv
osv
CVE-2016-5320
2018-03-12 02:29:00
CVE-2016-5875
2018-03-12 02:29:00
CVE-2016-5316
2017-01-20 15:59:00
ubuntucve
ubuntucve
CVE-2016-5317
2017-01-20 00:00:00
CVE-2016-5316
2017-01-20 00:00:00
CVE-2016-5314
2016-06-15 00:00:00
prion
prion
Design/Logic Flaw
2018-03-12 02:29:00
Design/Logic Flaw
2018-03-12 02:29:00
Design/Logic Flaw
2017-01-20 15:59:00
alpinelinux
alpinelinux
CVE-2016-5320
2018-03-12 02:29:00
CVE-2016-5875
2018-03-12 02:29:00
CVE-2016-5316
2017-01-20 15:59:00
cve
cve
CVE-2016-5875
2018-03-12 02:29:00
CVE-2016-5320
2018-03-12 02:29:00
CVE-2016-5316
2017-01-20 15:59:00
f5
f5
K89096577 : LibTIFF vulnerabilities CVE-2016-5314 and CVE-2015-8784
2016-11-08 00:00:00
debiancve
debiancve
CVE-2016-5316
2017-01-20 15:59:00
CVE-2016-5317
2017-01-20 15:59:00
CVE-2016-5314
2018-03-12 02:29:00
veracode
veracode
Denial Of Service (DoS)
2018-04-25 09:05:08
Denial Of Service (DoS)
2018-07-24 08:05:53
mageia
mageia
The updated packages fix libtiff security vulnerabilities
2016-10-21 01:35:16
seebug
seebug
LibTIFF PixarLogDecode Remote Code Execution Vulnerability(CVE-2016-5875)
2017-10-12 00:00:00
talos
talos
LibTIFF PixarLogDecode Remote Code Execution Vulnerability
2016-10-25 00:00:00
threatpost
threatpost
Remote Code Execution Vulnerabilities Plague LibTIFF Library
2016-10-26 12:34:20
cloudfoundry
cloudfoundry
USN-3212-1: LibTIFF vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2017-02-27 00:00:00
archlinux
archlinux
[ASA-201611-27] lib32-libtiff: multiple issues
2016-11-25 00:00:00
[ASA-201611-26] libtiff: multiple issues
2016-11-25 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-01-09 00:00:00
amazon
amazon
Important: compat-libtiff3
2016-08-17 13:30:00
Important: libtiff
2016-08-17 13:30:00
kitploit
kitploit
arch-audit - An utility like pkg-audit for Arch Linux
2016-10-15 14:30:00
slackware
slackware
[slackware-security] libtiff
2017-04-08 20:11:36
rosalinux
rosalinux
Advisory ROSA-SA-2021-1896
2021-07-02 17:18:37
suse
suse
Security update for tiff (important)
2016-12-07 15:08:51
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libtiff affect PowerKVM
2018-06-18 01:33:05
Security Bulletin: Libtiff vulnerabilities affect IBM SmartClound Entry
2020-07-19 00:49:12
centos
centos
libtiff security update
2016-08-02 21:57:58
libtiff security update
2016-08-02 15:06:00
redhat
redhat
(RHSA-2016:1546) Important: libtiff security update
2016-08-02 14:26:49
(RHSA-2016:1547) Important: libtiff security update
2016-08-02 14:27:54
oraclelinux
oraclelinux
libtiff security update
2016-08-02 00:00:00
libtiff security update
2016-08-02 00:00:00
JSON
Related for OPENSUSE-2016-911.NASL
redhatcve5nessus30freebsd1openvas20debian3osv6ubuntucve4prion6alpinelinux5cve6f51debiancve3veracode2mageia1seebug1talos1threatpost1cloudfoundry1ubuntu1archlinux2gentoo1amazon2kitploit1slackware1rosalinux1suse1ibm2centos2redhat2oraclelinux2