Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2013-290-01
HistoryOct 18, 2013 - 7:38 p.m.

[slackware-security] libtiff

2013-10-1819:38:32
Slackware Linux Project
www.slackware.com
18

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.9%

JSON

New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:

patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz: Upgraded.
Patched overflows, crashes, and out of bounds writes.
Thanks to mancha for the backported patches.
For more information, see:
https://vulners.com/cve/CVE-2012-2088
https://vulners.com/cve/CVE-2012-2113
https://vulners.com/cve/CVE-2012-4447
https://vulners.com/cve/CVE-2012-4564
https://vulners.com/cve/CVE-2013-1960
https://vulners.com/cve/CVE-2013-1961
https://vulners.com/cve/CVE-2013-4231
https://vulners.com/cve/CVE-2013-4232
https://vulners.com/cve/CVE-2013-4244
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/libtiff-3.9.7-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/libtiff-3.9.7-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libtiff-3.9.7-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libtiff-3.9.7-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libtiff-3.9.7-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libtiff-3.9.7-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libtiff-3.9.7-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libtiff-3.9.7-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libtiff-3.9.7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libtiff-3.9.7-x86_64-1_slack14.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libtiff-3.9.7-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libtiff-3.9.7-x86_64-1.txz

MD5 signatures:

Slackware 12.1 package:
4119dd6983587cc822c926b87cabdda8 libtiff-3.9.7-i486-1_slack12.1.tgz

Slackware 12.2 package:
97736443343ba31c3d041eef3560b4ae libtiff-3.9.7-i486-1_slack12.2.tgz

Slackware 13.0 package:
cff78f2b00f74132a47a4e16ede860c9 libtiff-3.9.7-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
de4d32b50320fc281e735c25f1556450 libtiff-3.9.7-x86_64-1_slack13.0.txz

Slackware 13.1 package:
eacdd28fc4c28f3fb557f63bc8b91ceb libtiff-3.9.7-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
d09b713720b2405b46f275dbeb0cb44f libtiff-3.9.7-x86_64-1_slack13.1.txz

Slackware 13.37 package:
89bee8ce291da41be1b094820d339f36 libtiff-3.9.7-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
ff80be9f6782f5abd15fc8f61453671f libtiff-3.9.7-x86_64-1_slack13.37.txz

Slackware 14.0 package:
b46e7c734d91c5f244f29ddaf4e63575 libtiff-3.9.7-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
8f191ca18a44da5f0dbab9eefba93db6 libtiff-3.9.7-x86_64-1_slack14.0.txz

Slackware -current package:
68f02cadea225a0f1d1e085842bc9f43 l/libtiff-3.9.7-i486-1.txz

Slackware x86_64 -current package:
77b0fa68c52be40b5d9a1037a8925f70 l/libtiff-3.9.7-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg libtiff-3.9.7-i486-1_slack14.0.txz

Related

nessus 62
openvas 74
gentoo 1
fedora 17
f5 2
oraclelinux 4
centos 3
redhat 5
veracode 8
debian 2
amazon 4
securityvulns 8
osv 2
ubuntu 4
suse 1
mageia 1
altlinux 1
nessus
nessus
Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)
2013-10-20 00:00:00
GLSA-201402-21 : libTIFF: Multiple vulnerabilities
2014-02-23 00:00:00
Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 (20140227)
2014-02-28 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2013-290-01)
2022-04-21 00:00:00
Gentoo Security Advisory GLSA 201402-21
2015-09-29 00:00:00
Fedora Update for mingw-libtiff FEDORA-2014-6831
2014-06-17 00:00:00
gentoo
gentoo
libTIFF: Multiple vulnerabilities
2014-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: libtiff-4.0.3-9.fc18
2013-09-18 12:58:47
[SECURITY] Fedora 20 Update: mingw-libtiff-4.0.3-4.fc20
2014-06-10 02:56:35
[SECURITY] Fedora 19 Update: mingw-libtiff-4.0.3-4.fc19
2014-06-10 03:14:08
f5
f5
SOL16715 - Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
K16715 : Multiple LibTIFF vulnerabilities
2015-06-05 00:00:00
oraclelinux
oraclelinux
libtiff security update
2014-02-27 00:00:00
libtiff security update
2014-02-27 00:00:00
libtiff security update
2012-07-03 00:00:00
centos
centos
libtiff security update
2014-02-28 00:37:27
libtiff security update
2014-02-28 00:43:50
libtiff security update
2012-07-03 13:30:55
redhat
redhat
(RHSA-2014:0223) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2014:0222) Moderate: libtiff security update
2014-02-27 00:00:00
(RHSA-2012:1054) Important: libtiff security update
2012-07-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
Denial Of Service (DoS)
2019-05-02 05:01:26
debian
debian
[SECURITY] [DSA 2744-1] tiff security update
2013-08-27 15:27:12
[SECURITY] [DSA 2698-1] tiff security update
2013-06-18 19:39:25
amazon
amazon
Medium: libtiff
2014-03-13 18:13:00
Medium: libtiff
2014-06-26 10:31:00
Important: libtiff
2012-07-06 16:18:00
securityvulns
securityvulns
libtiff multiple security vulnerabilities
2013-08-28 00:00:00
[SECURITY] [DSA 2744-1] tiff security update
2013-08-28 00:00:00
libtiff buffer overflow
2012-11-18 00:00:00
osv
osv
tiff - several
2013-08-27 00:00:00
tiff - buffer overflow
2013-06-18 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2014-05-06 00:00:00
LibTIFF vulnerabilities
2012-11-15 00:00:00
tiff vulnerabilities
2012-07-05 00:00:00
suse
suse
Security update for libtiff (important)
2012-07-19 22:08:33
mageia
mageia
Updated libtiff packagess fix multiple security vulnerabilities
2013-08-22 22:20:56
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 3.9.6-alt3
2012-08-27 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.07 Low

EPSS

Percentile

93.9%

JSON
Related for SSA-2013-290-01
nessus62openvas74gentoo1fedora17f52oraclelinux4centos3redhat5veracode8debian2amazon4securityvulns8osv2ubuntu4suse1mageia1altlinux1