SUSE-SU-2018:1472-1: moderate: Security update for tiff

Wed May 30 07:13:25 MDT 2018

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1472-1
Rating:             moderate
References:         #1017694 #1031250 #1031254 #1033109 #1033111 
                    #1033112 #1033113 #1033120 #1033126 #1033127 
                    #1033129 #1074317 #984808 #984809 #984831 
                    #987351 
Cross-References:   CVE-2016-10267 CVE-2016-10269 CVE-2016-10270
                    CVE-2016-5314 CVE-2016-5315 CVE-2017-18013
                    CVE-2017-7593 CVE-2017-7595 CVE-2017-7596
                    CVE-2017-7597 CVE-2017-7599 CVE-2017-7600
                    CVE-2017-7601 CVE-2017-7602
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that solves 14 vulnerabilities and has two fixes
   is now available.

Description:

   This update for tiff fixes the following issues:

   Security issues fixed:

   - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote
     attackers to cause a denial of service (out-of-bounds read) via a
     crafted tiff image.  (bsc#984809)
   - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of
     service (divide-by-zero error and application crash) via a crafted TIFF
     image, related to libtiff/tif_ojpeg.c:816:8.  (bsc#1017694)
   - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of
     service (heap-based buffer over-read) or possibly have unspecified other
     impact via a crafted TIFF image, related to "READ of size 512" and
     libtiff/tif_unix.c:340:2.  (bsc#1031254)
   - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of
     service (heap-based buffer over-read) or possibly have unspecified other
     impact via a crafted TIFF image, related to "READ of size 8" and
     libtiff/tif_read.c:523:22.  (bsc#1031250)
   - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the
     tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo
     crash.  (bsc#1074317)
   - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly
     initialized, which might have allowed remote attackers to obtain
     sensitive information from process memory via a crafted image.
     (bsc#1033129)
   - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed
     remote attackers to cause a denial of service (divide-by-zero error and
     application crash) via a crafted image.  (bsc#1033127)
   - CVE-2017-7596: LibTIFF had an "outside the range of representable values
     of type float" undefined behavior issue, which might have allowed remote
     attackers to cause a denial of service (application crash) or possibly
     have unspecified other impact via a crafted image.  (bsc#1033126)
   - CVE-2017-7597: tif_dirread.c had an "outside the range of representable
     values of type float" undefined behavior issue, which might have allowed
     remote attackers to cause a denial of service (application crash) or
     possibly have unspecified other impact via a crafted image.
     (bsc#1033120)
   - CVE-2017-7599: LibTIFF had an "outside the range of representable values
     of type short" undefined behavior issue, which might have allowed remote
     attackers to cause a denial of service (application crash) or possibly
     have unspecified other impact via a crafted image.  (bsc#1033113)
   - CVE-2017-7600: LibTIFF had an "outside the range of representable values
     of type unsigned char" undefined behavior issue, which might have
     allowed remote attackers to cause a denial of service (application
     crash) or possibly have unspecified other impact via a crafted image.
     (bsc#1033112)
   - CVE-2017-7601: LibTIFF had a "shift exponent too large for 64-bit type
     long" undefined behavior issue, which might have allowed remote
     attackers to cause a denial of service (application crash) or possibly
     have unspecified other impact via a crafted image.  (bsc#1033111)
   - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have
     allowed remote attackers to cause a denial of service (application
     crash) or possibly have unspecified other impact via a crafted image.
     (bsc#1033109)
   - Multiple divide by zero issues
   - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in
     tif_pixarlog.c allowed remote attackers to cause a denial of service
     (application crash) or possibly have unspecified other impact via a
     crafted TIFF image, as demonstrated by overwriting the vgetparent
     function pointer with rgb2ycbcr.  (bsc#987351 bsc#984808 bsc#984831)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-tiff-13631=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-tiff-13631=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-tiff-13631=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff-devel-3.8.2-141.169.6.1

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):

      libtiff-devel-32bit-3.8.2-141.169.6.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libtiff3-3.8.2-141.169.6.1
      tiff-3.8.2-141.169.6.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libtiff3-32bit-3.8.2-141.169.6.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libtiff3-x86-3.8.2-141.169.6.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      tiff-debuginfo-3.8.2-141.169.6.1
      tiff-debugsource-3.8.2-141.169.6.1

References:

   https://www.suse.com/security/cve/CVE-2016-10267.html
   https://www.suse.com/security/cve/CVE-2016-10269.html
   https://www.suse.com/security/cve/CVE-2016-10270.html
   https://www.suse.com/security/cve/CVE-2016-5314.html
   https://www.suse.com/security/cve/CVE-2016-5315.html
   https://www.suse.com/security/cve/CVE-2017-18013.html
   https://www.suse.com/security/cve/CVE-2017-7593.html
   https://www.suse.com/security/cve/CVE-2017-7595.html
   https://www.suse.com/security/cve/CVE-2017-7596.html
   https://www.suse.com/security/cve/CVE-2017-7597.html
   https://www.suse.com/security/cve/CVE-2017-7599.html
   https://www.suse.com/security/cve/CVE-2017-7600.html
   https://www.suse.com/security/cve/CVE-2017-7601.html
   https://www.suse.com/security/cve/CVE-2017-7602.html
   https://bugzilla.suse.com/1017694
   https://bugzilla.suse.com/1031250
   https://bugzilla.suse.com/1031254
   https://bugzilla.suse.com/1033109
   https://bugzilla.suse.com/1033111
   https://bugzilla.suse.com/1033112
   https://bugzilla.suse.com/1033113
   https://bugzilla.suse.com/1033120
   https://bugzilla.suse.com/1033126
   https://bugzilla.suse.com/1033127
   https://bugzilla.suse.com/1033129
   https://bugzilla.suse.com/1074317
   https://bugzilla.suse.com/984808
   https://bugzilla.suse.com/984809
   https://bugzilla.suse.com/984831
   https://bugzilla.suse.com/987351