openSUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:1204-1 Rating: moderate References: #1046077 #1074318 #1081690 Cross-References: CVE-2017-17973 CVE-2017-9935 CVE-2018-5784 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2017-9935: There was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077) - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318) - CVE-2018-5784: There is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries (bsc#1081690) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-443=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): libtiff-devel-4.0.9-28.1 libtiff5-4.0.9-28.1 libtiff5-debuginfo-4.0.9-28.1 tiff-4.0.9-28.1 tiff-debuginfo-4.0.9-28.1 tiff-debugsource-4.0.9-28.1 - openSUSE Leap 42.3 (x86_64): libtiff-devel-32bit-4.0.9-28.1 libtiff5-32bit-4.0.9-28.1 libtiff5-debuginfo-32bit-4.0.9-28.1 References: https://www.suse.com/security/cve/CVE-2017-17973.html https://www.suse.com/security/cve/CVE-2017-9935.html https://www.suse.com/security/cve/CVE-2018-5784.html https://bugzilla.suse.com/1046077 https://bugzilla.suse.com/1074318 https://bugzilla.suse.com/1081690