Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3301-1 Final 1 1 2016-12-29T19:48:15Z current 2016-12-29T19:48:15Z 2016-12-29T19:48:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues. - CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890] - CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161] - CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840] - CVE-2016-9273: heap overflow [bnc#1010163] - CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449] - CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280] - CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107] - CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351] - CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103] - CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813] - CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-1937,SUSE-SLE-DESKTOP-12-SP2-2016-1937,SUSE-SLE-RPI-12-SP2-2016-1937,SUSE-SLE-SDK-12-SP1-2016-1937,SUSE-SLE-SDK-12-SP2-2016-1937,SUSE-SLE-SERVER-12-SP1-2016-1937,SUSE-SLE-SERVER-12-SP2-2016-1937 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ Link for SUSE-SU-2016:3301-1 https://lists.suse.com/pipermail/sle-security-updates/2016-December/002537.html E-Mail link for SUSE-SU-2016:3301-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1007280 SUSE Bug 1007280 https://bugzilla.suse.com/1010161 SUSE Bug 1010161 https://bugzilla.suse.com/1010163 SUSE Bug 1010163 https://bugzilla.suse.com/1011103 SUSE Bug 1011103 https://bugzilla.suse.com/1011107 SUSE Bug 1011107 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/974449 SUSE Bug 974449 https://bugzilla.suse.com/974840 SUSE Bug 974840 https://bugzilla.suse.com/984813 SUSE Bug 984813 https://bugzilla.suse.com/984815 SUSE Bug 984815 https://bugzilla.suse.com/987351 SUSE Bug 987351 https://www.suse.com/security/cve/CVE-2014-8127/ SUSE CVE CVE-2014-8127 page https://www.suse.com/security/cve/CVE-2016-3622/ SUSE CVE CVE-2016-3622 page https://www.suse.com/security/cve/CVE-2016-3658/ SUSE CVE CVE-2016-3658 page https://www.suse.com/security/cve/CVE-2016-5321/ SUSE CVE CVE-2016-5321 page https://www.suse.com/security/cve/CVE-2016-5323/ SUSE CVE CVE-2016-5323 page https://www.suse.com/security/cve/CVE-2016-5652/ SUSE CVE CVE-2016-5652 page https://www.suse.com/security/cve/CVE-2016-5875/ SUSE CVE CVE-2016-5875 page https://www.suse.com/security/cve/CVE-2016-9273/ SUSE CVE CVE-2016-9273 page https://www.suse.com/security/cve/CVE-2016-9297/ SUSE CVE CVE-2016-9297 page https://www.suse.com/security/cve/CVE-2016-9448/ SUSE CVE CVE-2016-9448 page https://www.suse.com/security/cve/CVE-2016-9453/ SUSE CVE CVE-2016-9453 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 libtiff5-4.0.7-35.1 libtiff5-32bit-4.0.7-35.1 tiff-4.0.7-35.1 libtiff-devel-4.0.7-35.1 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 tiff-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP2 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP2 tiff-4.0.7-35.1 as a component of SUSE Linux Enterprise Server 12 SP2 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 tiff-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 tiff-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff5-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libtiff5-32bit-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 tiff-4.0.7-35.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libtiff-devel-4.0.7-35.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libtiff-devel-4.0.7-35.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool. CVE-2014-8127 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2014-8127.html CVE-2014-8127 https://bugzilla.suse.com/1206220 SUSE Bug 1206220 https://bugzilla.suse.com/914890 SUSE Bug 914890 https://bugzilla.suse.com/916925 SUSE Bug 916925 https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/969783 SUSE Bug 969783 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. CVE-2016-3622 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-3622.html CVE-2016-3622 https://bugzilla.suse.com/974449 SUSE Bug 974449 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. CVE-2016-3658 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-3658.html CVE-2016-3658 https://bugzilla.suse.com/974840 SUSE Bug 974840 The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. CVE-2016-5321 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-5321.html CVE-2016-5321 https://bugzilla.suse.com/984813 SUSE Bug 984813 The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. CVE-2016-5323 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-5323.html CVE-2016-5323 https://bugzilla.suse.com/984815 SUSE Bug 984815 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. CVE-2016-5652 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-5652.html CVE-2016-5652 https://bugzilla.suse.com/1007280 SUSE Bug 1007280 DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage CVE-2016-5875 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-5875.html CVE-2016-5875 https://bugzilla.suse.com/1007284 SUSE Bug 1007284 https://bugzilla.suse.com/984809 SUSE Bug 984809 https://bugzilla.suse.com/984831 SUSE Bug 984831 https://bugzilla.suse.com/987351 SUSE Bug 987351 tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. CVE-2016-9273 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-9273.html CVE-2016-9273 https://bugzilla.suse.com/1010163 SUSE Bug 1010163 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1150480 SUSE Bug 1150480 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. CVE-2016-9297 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-9297.html CVE-2016-9297 https://bugzilla.suse.com/1010161 SUSE Bug 1010161 https://bugzilla.suse.com/1011103 SUSE Bug 1011103 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297. CVE-2016-9448 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-9448.html CVE-2016-9448 https://bugzilla.suse.com/1010161 SUSE Bug 1010161 https://bugzilla.suse.com/1011103 SUSE Bug 1011103 The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. CVE-2016-9453 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-35.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-35.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-35.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163301-1/ https://www.suse.com/security/cve/CVE-2016-9453.html CVE-2016-9453 https://bugzilla.suse.com/1007280 SUSE Bug 1007280 https://bugzilla.suse.com/1011107 SUSE Bug 1011107