Security update for tiff SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4053-1 Final 1 1 2018-12-08T10:50:08Z current 2018-12-08T10:50:08Z 2018-12-08T10:50:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html E-Mail link for openSUSE-SU-2018:4053-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libtiff-devel-4.0.9-lp150.4.12.1 libtiff-devel-32bit-4.0.9-lp150.4.12.1 libtiff5-4.0.9-lp150.4.12.1 libtiff5-32bit-4.0.9-lp150.4.12.1 tiff-4.0.9-lp150.4.12.1 libtiff-devel-4.0.9-lp150.4.12.1 as a component of openSUSE Leap 15.0 libtiff-devel-32bit-4.0.9-lp150.4.12.1 as a component of openSUSE Leap 15.0 libtiff5-4.0.9-lp150.4.12.1 as a component of openSUSE Leap 15.0 libtiff5-32bit-4.0.9-lp150.4.12.1 as a component of openSUSE Leap 15.0 tiff-4.0.9-lp150.4.12.1 as a component of openSUSE Leap 15.0 Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. CVE-2016-10092 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2016-10092.html CVE-2016-10092 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1122679 SUSE Bug 1122679 Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. CVE-2016-10093 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2016-10093.html CVE-2016-10093 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1122679 SUSE Bug 1122679 Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. CVE-2016-10094 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2016-10094.html CVE-2016-10094 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1122679 SUSE Bug 1122679 The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. CVE-2016-6223 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2016-6223.html CVE-2016-6223 https://bugzilla.suse.com/990460 SUSE Bug 990460 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. CVE-2017-12944 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2017-12944.html CVE-2017-12944 https://bugzilla.suse.com/1003874 SUSE Bug 1003874 https://bugzilla.suse.com/1054594 SUSE Bug 1054594 In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. CVE-2018-19210 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.12.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.12.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00020.html https://www.suse.com/security/cve/CVE-2018-19210.html CVE-2018-19210 https://bugzilla.suse.com/1108606 SUSE Bug 1108606 https://bugzilla.suse.com/1115717 SUSE Bug 1115717