SUSE-SU-2016:3301-1: moderate: Security update for tiff
sle-security-updates at lists.suse.com
Thu Dec 29 16:15:32 MST 2016
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID:    SUSE-SU-2016:3301-1
Rating:             moderate
References:         #1007280 #1010161 #1010163 #1011103 #1011107
                    #914890 #974449 #974840 #984813 #984815 #987351
Cross-References:   CVE-2014-8127 CVE-2016-3622 CVE-2016-3658
                    CVE-2016-5321 CVE-2016-5323 CVE-2016-5652
                    CVE-2016-5875 CVE-2016-9273 CVE-2016-9297
                    CVE-2016-9448 CVE-2016-9453
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP2
                    SUSE Linux Enterprise Software Development Kit 12-SP1
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.

Description:

The tiff library and tools were updated to version 4.0.7 fixing various
bug and security issues.

- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple
  tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField()
  [bnc#1010161]
- CVE-2016-3658: illegal read in TIFFWriteDirectoryTagLongLong8Array
  function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide-by-zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables heap buffer overflow
  [bnc#1007280]
- CVE-2016-9453: out-of-bounds write (memcpy) and insufficient bounds
  check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog
  compression format [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297
  [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode()
  function [bnc#984813]
- CVE-2016-5323: divide-by-zero in _TIFFFax3fillruns() function (null ptr
  dereference?) [bnc#984815]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP2:
    zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1937=1
- SUSE Linux Enterprise Software Development Kit 12-SP1:
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1937=1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1937=1
- SUSE Linux Enterprise Server 12-SP2:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1937=1
- SUSE Linux Enterprise Server 12-SP1:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1937=1
- SUSE Linux Enterprise Desktop 12-SP2:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1937=1
- SUSE Linux Enterprise Desktop 12-SP1:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1937=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):
    libtiff-devel-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64):
    libtiff-devel-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):
    libtiff5-4.0.7-35.1
    libtiff5-debuginfo-4.0.7-35.1
    tiff-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):
    libtiff5-4.0.7-35.1
    libtiff5-debuginfo-4.0.7-35.1
    tiff-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Server 12-SP2 (x86_64):
    libtiff5-32bit-4.0.7-35.1
    libtiff5-debuginfo-32bit-4.0.7-35.1
- SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
    libtiff5-4.0.7-35.1
    libtiff5-debuginfo-4.0.7-35.1
    tiff-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
    libtiff5-32bit-4.0.7-35.1
    libtiff5-debuginfo-32bit-4.0.7-35.1
- SUSE Linux Enterprise Desktop 12-SP2 (x86_64):
    libtiff5-32bit-4.0.7-35.1
    libtiff5-4.0.7-35.1
    libtiff5-debuginfo-32bit-4.0.7-35.1
    libtiff5-debuginfo-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
- SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
    libtiff5-32bit-4.0.7-35.1
    libtiff5-4.0.7-35.1
    libtiff5-debuginfo-32bit-4.0.7-35.1
    libtiff5-debuginfo-4.0.7-35.1
    tiff-debuginfo-4.0.7-35.1
    tiff-debugsource-4.0.7-35.1
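
A post-install check for the package list above, as an added example that is not part of SUSE's advisory: it reads name-version-release lines as printed by rpm and flags any tiff or libtiff package older than 4.0.7-35.1. The function names and the sample inventory are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: audit an rpm inventory against the fixed build in this advisory.
FIXED="4.0.7-35.1"   # version-release taken from the advisory's package list

# ver_ge A B: succeed if version-release A >= B.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison; the two
# agree for plain dotted numeric versions such as these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_tiff: read NAME-VERSION-RELEASE lines on stdin, e.g. from
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# Prints one verdict per tiff/libtiff package; returns 1 if any is outdated.
audit_tiff() {
    rc=0
    while IFS= read -r nvr; do
        case "$nvr" in
            tiff-*|libtiff*) ;;      # packages named in the advisory
            *) continue ;;           # ignore everything else
        esac
        # Split from the right: release, then version, remainder is the name
        # (names such as libtiff5-debuginfo-32bit contain hyphens themselves).
        rel=${nvr##*-}; rest=${nvr%-*}
        ver=${rest##*-}; name=${rest%-*}
        if ver_ge "$ver-$rel" "$FIXED"; then
            echo "OK       $name $ver-$rel"
        else
            echo "OUTDATED $name $ver-$rel (needs >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host output); 4.0.6-1.1 is made up.
sample_inventory() {
    cat <<'EOF'
libtiff5-4.0.7-35.1
libtiff5-32bit-4.0.7-35.1
tiff-4.0.6-1.1
bash-4.3-82.1
EOF
}

sample_inventory | audit_tiff || echo "at least one tiff package predates $FIXED"
```
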
References:
https://www.suse.com/security/cve/CVE-2014-8127.html
https://www.suse.com/security/cve/CVE-2016-3622.html
https://www.suse.com/security/cve/CVE-2016-3658.html
https://www.suse.com/security/cve/CVE-2016-5321.html
https://www.suse.com/security/cve/CVE-2016-5323.html
https://www.suse.com/security/cve/CVE-2016-5652.html
https://www.suse.com/security/cve/CVE-2016-5875.html
https://www.suse.com/security/cve/CVE-2016-9273.html
https://www.suse.com/security/cve/CVE-2016-9297.html
https://www.suse.com/security/cve/CVE-2016-9448.html
https://www.suse.com/security/cve/CVE-2016-9453.html
https://bugzilla.suse.com/1007280
https://bugzilla.suse.com/1010161
https://bugzilla.suse.com/1010163
https://bugzilla.suse.com/1011103
https://bugzilla.suse.com/1011107
https://bugzilla.suse.com/914890
https://bugzilla.suse.com/974449
https://bugzilla.suse.com/974840
https://bugzilla.suse.com/984813
https://bugzilla.suse.com/984815
https://bugzilla.suse.com/987351