Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 Tenable Network Security, Inc.OPENSUSE-2017-515.NASL
HistoryApr 27, 2017 - 12:00 a.m.

openSUSE Security Update : tiff (openSUSE-2017-515)

2017-04-2700:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
25
JSON

This update for tiff fixes the following issues :

Security issues fixed :

  • CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to ‘WRITE of size 2048’ and libtiff/tif_next.c:64:9 (bsc#1031247).

  • CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to ‘READ of size 1’ and libtiff/tif_fax3.c:413:13 (bsc#1031249).

  • CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to ‘READ of size 8’ and libtiff/tif_read.c:523:22 (bsc#1031250).

  • CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to ‘READ of size 512’ and libtiff/tif_unix.c:340:2 (bsc#1031254).

  • CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to ‘READ of size 78490’ and libtiff/tif_unix.c:115:23 (bsc#1031255).

  • CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8 (bsc#1031262).

  • CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (bsc#1031263).

This update was imported from the SUSE:SLE-12:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-515.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99704);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269", "CVE-2016-10270", "CVE-2016-10271", "CVE-2016-10272");

  script_name(english:"openSUSE Security Update : tiff (openSUSE-2017-515)");
  script_summary(english:"Check for the openSUSE-2017-515 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for tiff fixes the following issues :

Security issues fixed :

  - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to
    cause a denial of service (heap-based buffer overflow)
    or possibly have unspecified other impact via a crafted
    TIFF image, related to 'WRITE of size 2048' and
    libtiff/tif_next.c:64:9 (bsc#1031247).

  - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows
    remote attackers to cause a denial of service
    (heap-based buffer over-read and buffer overflow) or
    possibly have unspecified other impact via a crafted
    TIFF image, related to 'READ of size 1' and
    libtiff/tif_fax3.c:413:13 (bsc#1031249).

  - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to
    cause a denial of service (heap-based buffer over-read)
    or possibly have unspecified other impact via a crafted
    TIFF image, related to 'READ of size 8' and
    libtiff/tif_read.c:523:22 (bsc#1031250).

  - CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to
    cause a denial of service (heap-based buffer over-read)
    or possibly have unspecified other impact via a crafted
    TIFF image, related to 'READ of size 512' and
    libtiff/tif_unix.c:340:2 (bsc#1031254).

  - CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows
    remote attackers to cause a denial of service (integer
    underflow and heap-based buffer under-read) or possibly
    have unspecified other impact via a crafted TIFF image,
    related to 'READ of size 78490' and
    libtiff/tif_unix.c:115:23 (bsc#1031255).

  - CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to
    cause a denial of service (divide-by-zero error and
    application crash) via a crafted TIFF image, related to
    libtiff/tif_ojpeg.c:816:8 (bsc#1031262).

  - CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to
    cause a denial of service (divide-by-zero error and
    application crash) via a crafted TIFF image, related to
    libtiff/tif_read.c:351:22. (bsc#1031263).

This update was imported from the SUSE:SLE-12:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031247"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031249"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031250"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031254"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031255"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031262"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031263"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected tiff packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tiff-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"libtiff-devel-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libtiff5-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libtiff5-debuginfo-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tiff-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tiff-debuginfo-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"tiff-debugsource-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libtiff-devel-32bit-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libtiff5-32bit-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libtiff5-debuginfo-32bit-4.0.7-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libtiff-devel-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libtiff5-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libtiff5-debuginfo-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"tiff-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"tiff-debuginfo-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"tiff-debugsource-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff-devel-32bit-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff5-32bit-4.0.7-17.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libtiff5-debuginfo-32bit-4.0.7-17.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-devel-32bit / libtiff-devel / libtiff5-32bit / libtiff5 / etc");
}
VendorProductVersionCPE
novellopensuselibtiff-develp-cpe:/a:novell:opensuse:libtiff-devel
novellopensuselibtiff-devel-32bitp-cpe:/a:novell:opensuse:libtiff-devel-32bit
novellopensuselibtiff5p-cpe:/a:novell:opensuse:libtiff5
novellopensuselibtiff5-32bitp-cpe:/a:novell:opensuse:libtiff5-32bit
novellopensuselibtiff5-debuginfop-cpe:/a:novell:opensuse:libtiff5-debuginfo
novellopensuselibtiff5-debuginfo-32bitp-cpe:/a:novell:opensuse:libtiff5-debuginfo-32bit
novellopensusetiffp-cpe:/a:novell:opensuse:tiff
novellopensusetiff-debuginfop-cpe:/a:novell:opensuse:tiff-debuginfo
novellopensusetiff-debugsourcep-cpe:/a:novell:opensuse:tiff-debugsource
novellopensuse42.1cpe:/o:novell:opensuse:42.1
Rows per page:
1-10 of 111

Related

suse 2
nessus 18
fedora 2
openvas 21
osv 11
debian 2
mageia 1
redhatcve 7
veracode 4
prion 7
debiancve 7
cve 7
ubuntucve 7
ubuntu 1
cloudfoundry 1
gentoo 1
ibm 1
suse
suse
Security update for tiff (important)
2017-04-18 15:13:00
Security update for tiff (important)
2017-04-26 18:11:51
nessus
nessus
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2017:1044-1)
2017-04-19 00:00:00
Fedora 25 : libtiff (2017-ab3acddd21)
2017-04-11 00:00:00
Fedora 26 : libtiff (2017-05b9048fbc)
2017-07-17 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: libtiff-4.0.7-4.fc26
2017-04-09 16:46:08
[SECURITY] Fedora 25 Update: libtiff-4.0.7-4.fc25
2017-04-10 21:22:19
openvas
openvas
openSUSE: Security Advisory for tiff (openSUSE-SU-2017:1108-1)
2017-04-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1044-1)
2021-04-19 00:00:00
Fedora Update for libtiff FEDORA-2017-ab3acddd21
2017-04-12 00:00:00
osv
osv
tiff - security update
2017-03-28 00:00:00
CVE-2016-10270
2017-03-24 19:59:00
CVE-2016-10266
2017-03-24 19:59:00
debian
debian
[SECURITY] [DLA 877-1] tiff security update
2017-03-28 14:05:46
[SECURITY] [DSA 3844-1] tiff security update
2017-05-03 21:06:19
mageia
mageia
Updated libtiff packages fix security vulnerability
2017-07-01 10:04:05
redhatcve
redhatcve
CVE-2016-10270
2017-04-03 12:49:07
CVE-2016-10272
2017-04-03 13:19:15
CVE-2016-10266
2017-04-03 13:50:40
veracode
veracode
Denial Of Service (DoS)
2018-05-22 12:21:20
Denial Of Service (DoS) Through Divide By Zero
2018-05-22 08:42:25
Denial Of Service (DoS)
2018-04-27 17:42:47
prion
prion
Heap overflow
2017-03-24 19:59:00
Heap overflow
2017-03-24 19:59:00
Denial of service
2017-03-24 19:59:00
debiancve
debiancve
CVE-2016-10270
2017-03-24 19:59:00
CVE-2016-10269
2017-03-24 19:59:00
CVE-2016-10272
2017-03-24 19:59:00
cve
cve
CVE-2016-10270
2017-03-24 19:59:00
CVE-2016-10266
2017-03-24 19:59:00
CVE-2016-10272
2017-03-24 19:59:00
ubuntucve
ubuntucve
CVE-2016-10270
2017-03-24 00:00:00
CVE-2016-10267
2017-03-24 00:00:00
CVE-2016-10269
2017-03-24 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2018-03-20 00:00:00
cloudfoundry
cloudfoundry
USN-3602-1: LibTIFF vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2017-09-26 00:00:00
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libTIFF
2023-12-07 22:45:03
JSON
Related for OPENSUSE-2017-515.NASL
suse2nessus18fedora2openvas21osv11debian2mageia1redhatcve7veracode4prion7debiancve7cve7ubuntucve7ubuntu1cloudfoundry1gentoo1ibm1