openSUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1889-1
Rating:             moderate
References:         #964225 #984808 #984831 #984837 #984842 #987351
Cross-References:   CVE-2016-5314 CVE-2016-5316 CVE-2016-5317
                    CVE-2016-5320 CVE-2016-5875
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for tiff fixes the following issues:

Security issues fixed:
- CVE-2016-5314: Fixed an out-of-bounds write in PixarLogDecode() function
  (boo#984831)
- CVE-2016-5316: Fixed an out-of-bounds read in PixarLogCleanup() function
  in tif_pixarlog.c (boo#984837)
- CVE-2016-5317: Fixed an out-of-bounds write in PixarLogDecode() function
  in libtiff.so (boo#984842)
- CVE-2016-5320: Fixed an out-of-bounds write in PixarLogDecode() function
  in tif_pixarlog.c (boo#984808)
- CVE-2016-5875: Fixed a heap-based buffer overflow when using the PixarLog
  compression format (boo#987351)

Bugs fixed:
- boo#964225: Fixed writes for invalid images (upstream bug #2522)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

     zypper in -t patch openSUSE-2016-911=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):

     libtiff-devel-4.0.6-10.26.1
     libtiff5-4.0.6-10.26.1
     libtiff5-debuginfo-4.0.6-10.26.1
     tiff-4.0.6-10.26.1
     tiff-debuginfo-4.0.6-10.26.1
     tiff-debugsource-4.0.6-10.26.1

- openSUSE 13.2 (x86_64):

     libtiff-devel-32bit-4.0.6-10.26.1
     libtiff5-32bit-4.0.6-10.26.1
     libtiff5-debuginfo-32bit-4.0.6-10.26.1

References:

https://www.suse.com/security/cve/CVE-2016-5314.html
https://www.suse.com/security/cve/CVE-2016-5316.html
https://www.suse.com/security/cve/CVE-2016-5317.html
https://www.suse.com/security/cve/CVE-2016-5320.html
https://www.suse.com/security/cve/CVE-2016-5875.html
https://bugzilla.suse.com/964225
https://bugzilla.suse.com/984808
https://bugzilla.suse.com/984831
https://bugzilla.suse.com/984837
https://bugzilla.suse.com/984842
https://bugzilla.suse.com/987351