openSUSE Security Update: update for tiff ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1484-1 Rating: moderate References: #834477 #834779 #834788 Cross-References: CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This tiff security update fixes several buffer overflow issues and a out-of-bounds wirte problem. * tiff: buffer overflows/use after free problem [CVE-2013-4231][CVE-2013-4232][bnc#834477] * libtiff (gif2tiff): OOB Write in LZW decompressor [CVE-2013-4244][bnc#834788] * libtiff (gif2tiff): heap-based buffer overflow in readgifimage() [CVE-2013-4243][bnc#834779] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-139 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): libtiff-devel-3.9.4-42.1 libtiff3-3.9.4-42.1 libtiff3-debuginfo-3.9.4-42.1 tiff-3.9.4-42.1 tiff-debuginfo-3.9.4-42.1 tiff-debugsource-3.9.4-42.1 - openSUSE 11.4 (x86_64): libtiff-devel-32bit-3.9.4-42.1 libtiff3-32bit-3.9.4-42.1 libtiff3-debuginfo-32bit-3.9.4-42.1 - openSUSE 11.4 (ia64): libtiff3-debuginfo-x86-3.9.4-42.1 libtiff3-x86-3.9.4-42.1 References: http://support.novell.com/security/cve/CVE-2013-4231.html http://support.novell.com/security/cve/CVE-2013-4232.html http://support.novell.com/security/cve/CVE-2013-4243.html http://support.novell.com/security/cve/CVE-2013-4244.html https://bugzilla.novell.com/834477 https://bugzilla.novell.com/834779 https://bugzilla.novell.com/834788