openSUSE-SU-2017:0074-1: moderate: Security update for tiff
openSUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:0074-1
Rating: moderate
References: #1007280 #1010161 #1010163 #1011103 #1011107
#914890 #974449 #974840 #984813 #984815 #987351

Cross-References: CVE-2014-8127 CVE-2016-3622 CVE-2016-3658
CVE-2016-5321 CVE-2016-5323 CVE-2016-5652
CVE-2016-5875 CVE-2016-9273 CVE-2016-9297
CVE-2016-9448 CVE-2016-9453
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

The tiff library and tools were updated to version 4.0.7, fixing various
bugs and security issues.

- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple
tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField()
[bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array
function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide by zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
[bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in
tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog
compression format [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297
[bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode()
function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr
dereference?) [bnc#984815]

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-53=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-53=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.2 (i586 x86_64):

libtiff-devel-4.0.7-12.1
libtiff5-4.0.7-12.1
libtiff5-debuginfo-4.0.7-12.1
tiff-4.0.7-12.1
tiff-debuginfo-4.0.7-12.1
tiff-debugsource-4.0.7-12.1

- openSUSE Leap 42.2 (x86_64):

libtiff-devel-32bit-4.0.7-12.1
libtiff5-32bit-4.0.7-12.1
libtiff5-debuginfo-32bit-4.0.7-12.1

- openSUSE Leap 42.1 (i586 x86_64):

libtiff-devel-4.0.7-12.1
libtiff5-4.0.7-12.1
libtiff5-debuginfo-4.0.7-12.1
tiff-4.0.7-12.1
tiff-debuginfo-4.0.7-12.1
tiff-debugsource-4.0.7-12.1

- openSUSE Leap 42.1 (x86_64):

libtiff-devel-32bit-4.0.7-12.1
libtiff5-32bit-4.0.7-12.1
libtiff5-debuginfo-32bit-4.0.7-12.1


References:

https://www.suse.com/security/cve/CVE-2014-8127.html
https://www.suse.com/security/cve/CVE-2016-3622.html
https://www.suse.com/security/cve/CVE-2016-3658.html
https://www.suse.com/security/cve/CVE-2016-5321.html
https://www.suse.com/security/cve/CVE-2016-5323.html
https://www.suse.com/security/cve/CVE-2016-5652.html
https://www.suse.com/security/cve/CVE-2016-5875.html
https://www.suse.com/security/cve/CVE-2016-9273.html
https://www.suse.com/security/cve/CVE-2016-9297.html
https://www.suse.com/security/cve/CVE-2016-9448.html
https://www.suse.com/security/cve/CVE-2016-9453.html
https://bugzilla.suse.com/1007280
https://bugzilla.suse.com/1010161
https://bugzilla.suse.com/1010163
https://bugzilla.suse.com/1011103
https://bugzilla.suse.com/1011107
https://bugzilla.suse.com/914890
https://bugzilla.suse.com/974449
https://bugzilla.suse.com/974840
https://bugzilla.suse.com/984813
https://bugzilla.suse.com/984815
https://bugzilla.suse.com/987351

