SUSE-SU-2018:3879-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3879-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:3879-1
- Related
- Published
- 2018-11-23T16:06:18Z
- Modified
- 2018-11-23T16:06:18Z
- Summary
- Security update for tiff
- Details
-
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
- CVE-2017-9147: Fixed invalid read in the TIFFVGetField function in tifdir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322).
- CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080).
- CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186).
- CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163).
- CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440).
- CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448).
- CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447)
- CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446)
- CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461).
Non-security issues fixed:
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20183879-1/
- https://bugzilla.suse.com/1010163
- https://bugzilla.suse.com/1014461
- https://bugzilla.suse.com/1040080
- https://bugzilla.suse.com/1040322
- https://bugzilla.suse.com/1074186
- https://bugzilla.suse.com/1099257
- https://bugzilla.suse.com/1113672
- https://bugzilla.suse.com/974446
- https://bugzilla.suse.com/974447
- https://bugzilla.suse.com/974448
- https://bugzilla.suse.com/983440
- https://www.suse.com/security/cve/CVE-2015-8870
- https://www.suse.com/security/cve/CVE-2016-3619
- https://www.suse.com/security/cve/CVE-2016-3620
- https://www.suse.com/security/cve/CVE-2016-3621
- https://www.suse.com/security/cve/CVE-2016-5319
- https://www.suse.com/security/cve/CVE-2016-9273
- https://www.suse.com/security/cve/CVE-2017-17942
- https://www.suse.com/security/cve/CVE-2017-9117
- https://www.suse.com/security/cve/CVE-2017-9147
- https://www.suse.com/security/cve/CVE-2018-12900
- https://www.suse.com/security/cve/CVE-2018-18661
Affected packages
SUSE:Linux Enterprise Software Development Kit 11 SP4 / tiff
Package
- Name
- tiff
- Purl
- purl:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
SUSE:Linux Enterprise Server 11 SP4 / tiff
Package
- Name
- tiff
- Purl
- purl:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4