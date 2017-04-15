Login
Sicherheit: Mehrere Probleme in libtiff
Name: Mehrere Probleme in libtiff
ID: FEDORA-2017-021bebae25
Distribution: Fedora
Plattformen: Fedora 25
Datum: Sa, 15. April 2017, 02:12
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601

Fedora Update Notification

FEDORA-2017-021bebae25

2017-04-14 17:18:15.814481

Name        : libtiff

Product     : Fedora 25

Version     : 4.0.7

Release     : 5.fc25

URL         : http://www.simplesystems.org/libtiff/

Summary     : Library of functions for manipulating TIFF format image files

Description :

The libtiff package contains a library of functions for manipulating

TIFF (Tagged Image File Format) image format files.  TIFF is a widely

used file format for bitmapped images.  TIFF files usually end in the

.tif extension and they are often quite large.



The libtiff package should be installed if you need to manipulate TIFF

format image files.



Update Information:



Security fix for:  * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594**
 *

**CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598**
 *

**CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602**

References:



  [ 1 ] Bug #1441263 - CVE-2017-7602 libtiff: Signed integer overflow in
 tif_read.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441263

  [ 2 ] Bug #1441261 - CVE-2017-7601 libtiff: Signed integer overflow in
 tif_jpeg.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441261

  [ 3 ] Bug #1441260 - CVE-2017-7600 libtiff: Unsigned char out of range in
 tif_dirwrite.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441260

  [ 4 ] Bug #1441259 - CVE-2017-7599 libtiff: Unsigned short out of range in
 tif_dirwrite.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441259

  [ 5 ] Bug #1441254 - CVE-2017-7598 libtiff: Divide-by-zero in tif_dirread.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441254

  [ 6 ] Bug #1441252 - CVE-2017-7597 libtiff: Float out of range issue in
 tif_dirread.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441252

  [ 7 ] Bug #1441250 - CVE-2017-7596 libtiff: Float out of range issue in
 tif_dir.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441250

  [ 8 ] Bug #1441248 - CVE-2017-7595 libtiff: Divide-by-zero in JPEGSetupEncode
 (tiff_jpeg.c)

        https://bugzilla.redhat.com/show_bug.cgi?id=1441248

  [ 9 ] Bug #1441247 - CVE-2017-7594 libtiff: Memory leak in
 OJPEGReadHeaderInfoSecTablesDcTable function

        https://bugzilla.redhat.com/show_bug.cgi?id=1441247

  [ 10 ] Bug #1441246 - CVE-2017-7593 libtiff: tif_rawdata not properly
 initialized in tif_read.c

        https://bugzilla.redhat.com/show_bug.cgi?id=1441246

  [ 11 ] Bug #1441240 - CVE-2017-7592 libtiff: Left shift of unsigned char
 without a cast

        https://bugzilla.redhat.com/show_bug.cgi?id=1441240

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade libtiff' at the command line.

For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label



All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/keys

_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
