openSUSE Security Update: update for tiff ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1482-1 Rating: moderate References: #834477 #834779 #834788 Cross-References: CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 Affected Products: openSUSE 12.3 openSUSE 12.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This tiff security update fixes several buffer overflow issues and a out-of-bounds wirte problem. * tiff: buffer overflows/use after free problem [CVE-2013-4231][CVE-2013-4232][bnc#834477] * libtiff (gif2tiff): OOB Write in LZW decompressor [CVE-2013-4244][bnc#834788] * libtiff (gif2tiff): heap-based buffer overflow in readgifimage() [CVE-2013-4243][bnc#834779] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.3: zypper in -t patch openSUSE-2013-715 - openSUSE 12.2: zypper in -t patch openSUSE-2013-715 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.3 (i586 x86_64): libtiff-devel-4.0.3-2.8.1 libtiff5-4.0.3-2.8.1 libtiff5-debuginfo-4.0.3-2.8.1 tiff-4.0.3-2.8.1 tiff-debuginfo-4.0.3-2.8.1 tiff-debugsource-4.0.3-2.8.1 - openSUSE 12.3 (x86_64): libtiff-devel-32bit-4.0.3-2.8.1 libtiff5-32bit-4.0.3-2.8.1 libtiff5-debuginfo-32bit-4.0.3-2.8.1 - openSUSE 12.2 (i586 x86_64): libtiff-devel-4.0.2-1.20.1 libtiff5-4.0.2-1.20.1 libtiff5-debuginfo-4.0.2-1.20.1 tiff-4.0.2-1.20.1 tiff-debuginfo-4.0.2-1.20.1 tiff-debugsource-4.0.2-1.20.1 - openSUSE 12.2 (x86_64): libtiff-devel-32bit-4.0.2-1.20.1 libtiff5-32bit-4.0.2-1.20.1 libtiff5-debuginfo-32bit-4.0.2-1.20.1 References: http://support.novell.com/security/cve/CVE-2013-4231.html http://support.novell.com/security/cve/CVE-2013-4232.html http://support.novell.com/security/cve/CVE-2013-4243.html http://support.novell.com/security/cve/CVE-2013-4244.html https://bugzilla.novell.com/834477 https://bugzilla.novell.com/834779 https://bugzilla.novell.com/834788