FreeBSD Bugzilla – Attachment 179591 Details for
Bug 216776
graphics/linux-c6-tiff: update to 3.9.4-21.el6_8
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml patch
vuxml.patch (text/plain), 2.26 KB, created by
Piotr Kubaj
on 2017-02-04 12:54:51 UTC
(
hide
)
Description:
security/vuxml patch
Filename:
MIME Type:
Creator:
Piotr Kubaj
Created:
2017-02-04 12:54:51 UTC
Size:
2.26 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 433169) >+++ vuln.xml (working copy) >@@ -58,6 +58,52 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="95883496-ead6-11e6-868f-589cfc0654e1"> >+ <topic>linux-c6-tiff, linux-c7-tiff -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>linux-c6-tiff</name> >+ <range><lt>3.9.4_5</lt></range> >+ </package> >+ <package> >+ <name>linux-c7-tiff</name> >+ <range><lt>4.0.3_3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Red Hat reports:</p> >+ <blockquote cite="https://rhn.redhat.com/errata/RHSA-2017-0225.html"> >+ <p>Multiple flaws have been discovered in libtiff. A remote attacker could >+ exploit these flaws to cause a crash or memory corruption and, possibly, execute >+ arbitrary code by tricking an application linked against libtiff into processing >+ specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)</p> >+ <p>Multiple flaws have been discovered in various libtiff tools (tiff2pdf, >+ tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially >+ crafted file, a remote attacker could exploit these flaws to cause a crash or >+ memory corruption and, possibly, execute arbitrary code with the privileges of >+ the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, >+ CVE-2016-9537, CVE-2016-9536)</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://rhn.redhat.com/errata/RHSA-2017-0225.html</url> >+ <cvename>CVE-2016-9533</cvename> >+ <cvename>CVE-2016-9534</cvename> >+ <cvename>CVE-2016-9535</cvename> >+ <cvename>CVE-2015-8870</cvename> >+ <cvename>CVE-2016-5652</cvename> >+ <cvename>CVE-2016-9540</cvename> >+ <cvename>CVE-2016-9537</cvename> >+ <cvename>CVE-2016-9536</cvename> >+ </references> >+ <dates> >+ <discovery>2017-02-01</discovery> >+ <entry>2017-02-04</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="5a9b3d70-48e2-4267-b196-83064cb14fe0"> > <topic>shotwell -- failure to encrypt authentication</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=179591">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 216776
:
179590
| 179591