Security update for tiff SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3948-1 Final 1 1 2018-11-29T19:51:23Z current 2018-11-29T19:51:23Z 2018-11-29T19:51:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094). Non-security issues fixed: - asan_build: build ASAN included - debug_build: build more suitable for debugging This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00050.html E-Mail link for openSUSE-SU-2018:3948-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libtiff-devel-4.0.9-lp150.4.9.1 libtiff-devel-32bit-4.0.9-lp150.4.9.1 libtiff5-4.0.9-lp150.4.9.1 libtiff5-32bit-4.0.9-lp150.4.9.1 tiff-4.0.9-lp150.4.9.1 libtiff-devel-4.0.9-lp150.4.9.1 as a component of openSUSE Leap 15.0 libtiff-devel-32bit-4.0.9-lp150.4.9.1 as a component of openSUSE Leap 15.0 libtiff5-4.0.9-lp150.4.9.1 as a component of openSUSE Leap 15.0 libtiff5-32bit-4.0.9-lp150.4.9.1 as a component of openSUSE Leap 15.0 tiff-4.0.9-lp150.4.9.1 as a component of openSUSE Leap 15.0 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. CVE-2018-12900 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00050.html https://www.suse.com/security/cve/CVE-2018-12900.html CVE-2018-12900 https://bugzilla.suse.com/1099257 SUSE Bug 1099257 https://bugzilla.suse.com/1125113 SUSE Bug 1125113 LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. CVE-2018-18557 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00050.html https://www.suse.com/security/cve/CVE-2018-18557.html CVE-2018-18557 https://bugzilla.suse.com/1113094 SUSE Bug 1113094 An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. CVE-2018-18661 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.9.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00050.html https://www.suse.com/security/cve/CVE-2018-18661.html CVE-2018-18661 https://bugzilla.suse.com/1113672 SUSE Bug 1113672