SUSE-SU-2018:1835-1: moderate: Security update for tiff
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Thu Jun 28 07:09:51 MDT 2018
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:1835-1
Rating: moderate
References: #1007276 #1011839 #1011846 #1017689 #1017690
#1019611 #1031263 #1082332 #1082825 #1086408
#974621
Cross-References: CVE-2014-8128 CVE-2015-7554 CVE-2016-10095
CVE-2016-10266 CVE-2016-3632 CVE-2016-5318
CVE-2016-8331 CVE-2016-9535 CVE-2016-9540
CVE-2017-11613 CVE-2017-5225 CVE-2018-7456
CVE-2018-8905
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for tiff fixes the following security issues:
- CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that
could have caused DoS or code execution via a crafted BitsPerSample
value (bsc#1019611)
- CVE-2018-7456: Prevent a NULL Pointer dereference in the function
TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF
information, a different vulnerability than CVE-2017-18013 (bsc#1082825)
- CVE-2017-11613: Prevent denial of service in the TIFFOpen function.
During the TIFFOpen process, td_imagelength is not checked. The value of
td_imagelength can be directly controlled by an input file. In the
ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is
called based on td_imagelength. If the value of td_imagelength is set
close to the amount of system memory, it will hang the system or trigger
the OOM killer (bsc#1082332)
- CVE-2016-10266: Prevent remote attackers to cause a denial of service
(divide-by-zero error and application crash) via a crafted TIFF image,
related to libtiff/tif_read.c:351:22 (bsc#1031263)
- CVE-2018-8905: Prevent heap-based buffer overflow in the function
LZWDecodeCompat via a crafted TIFF file (bsc#1086408)
- CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile
width versus image width (bsc#1011839).
- CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could
have lead to assertion failures in debug mode, or buffer overflows in
release mode, when dealing with unusual tile size like YCbCr with
subsampling (bsc#1011846).
- CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could
have lead to assertion failures in debug mode, or buffer overflows in
release mode, when dealing with unusual tile size like YCbCr with
subsampling (bsc#1011846).
- Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689).
- CVE-2016-10095: Prevent stack-based buffer overflow in the
_TIFFVGetField function that allowed remote attackers to cause a denial
of service (crash) via a crafted TIFF file (bsc#1017690).
- CVE-2016-8331: Prevent remote code execution because of incorrect
handling of TIFF images. A crafted TIFF document could have lead to a
type confusion vulnerability resulting in remote code execution. This
vulnerability could have been be triggered via a TIFF file delivered to
the application using LibTIFF's tag extension functionality
(bsc#1007276).
- CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to
cause a denial of service (out-of-bounds write) or execute arbitrary
code via a crafted TIFF image (bsc#974621).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11-SP4:
zypper in -t patch sdksp4-tiff-13683=1
- SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-tiff-13683=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-tiff-13683=1
Package List:
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libtiff-devel-3.8.2-141.169.9.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
libtiff-devel-32bit-3.8.2-141.169.9.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
libtiff3-3.8.2-141.169.9.1
tiff-3.8.2-141.169.9.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
libtiff3-32bit-3.8.2-141.169.9.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
libtiff3-x86-3.8.2-141.169.9.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
tiff-debuginfo-3.8.2-141.169.9.1
tiff-debugsource-3.8.2-141.169.9.1
References:
https://www.suse.com/security/cve/CVE-2014-8128.html
https://www.suse.com/security/cve/CVE-2015-7554.html
https://www.suse.com/security/cve/CVE-2016-10095.html
https://www.suse.com/security/cve/CVE-2016-10266.html
https://www.suse.com/security/cve/CVE-2016-3632.html
https://www.suse.com/security/cve/CVE-2016-5318.html
https://www.suse.com/security/cve/CVE-2016-8331.html
https://www.suse.com/security/cve/CVE-2016-9535.html
https://www.suse.com/security/cve/CVE-2016-9540.html
https://www.suse.com/security/cve/CVE-2017-11613.html
https://www.suse.com/security/cve/CVE-2017-5225.html
https://www.suse.com/security/cve/CVE-2018-7456.html
https://www.suse.com/security/cve/CVE-2018-8905.html
https://bugzilla.suse.com/1007276
https://bugzilla.suse.com/1011839
https://bugzilla.suse.com/1011846
https://bugzilla.suse.com/1017689
https://bugzilla.suse.com/1017690
https://bugzilla.suse.com/1019611
https://bugzilla.suse.com/1031263
https://bugzilla.suse.com/1082332
https://bugzilla.suse.com/1082825
https://bugzilla.suse.com/1086408
https://bugzilla.suse.com/974621
More information about the sle-security-updates
mailing list