Oval Definition:	oval:org.opensuse.security:def:2633
Revision Date: 2020-12-02 Version: 1 Title: Security update for tiff (Moderate) Description: This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408). Family: unix Class: patch Status: Reference(s): 1047238 1050911 1051510 1054914 1055117 1056686 1060662 1061840 1061843 1064597 1064701 1065600 1065729 1066369 1071009 1071306 1074317 1078248 1082332 1082555 1082825 1084645 1085030 1085416 1085536 1085539 1086103 1086408 1086613 1087092 1087240 1090734 1091171 1092949 1093205 1096748 1099162 1100356 1101262 1102097 1102687 1102688 1102689 1102899 1103557 1104902 1104918 1106061 1106284 1106434 1108382 1111177 1112028 1112894 1112899 1112902 1112903 1112905 1112906 1112907 1113722 1114279 1114542 1114567 1115034 1116708 1117963 1117964 1117965 1117966 1117967 1118689 1119086 1120507 1120876 1120902 1120937 1123013 1123105 1123959 1124370 1127838 1129424 1129519 1129664 1131107 1131281 1131565 1133021 1134291 1134881 1134882 1135219 1135642 1135897 1136261 1137811 1137884 1138539 1139020 1139021 1139101 1139500 1140012 1140426 1140487 1141450 1141543 1141554 1142019 1142076 1142109 1142117 1142118 1142119 1142496 1142541 1142635 1142685 1142701 1142772 1142857 1143300 1143466 1143765 1143841 1143843 1144123 1144333 1144474 1144518 1144718 1144813 1144880 1144886 1144912 1144920 1144979 1145010 1145051 1145059 1145095 1145189 1145235 1145300 1145302 1145388 1145389 1145390 1145391 1145392 1145393 1145394 1145395 1145396 1145397 1145408 1145409 1145579 1145580 1145582 1145661 1145678 1145687 1145692 1145920 1145922 1145934 1145937 1145940 1145941 1145942 1146074 1146084 1146163 1146285 1146346 1146351 1146352 1146360 1146361 1146376 1146378 1146381 1146391 1146399 1146413 1146425 1146512 1146514 1146516 1146519 1146524 1146526 1146529 1146531 1146543 1146547 1146550 1146575 1146589 1146678 1146938 1148031 1148032 1148033 1148034 1148035 1148093 1148133 1148192 1148196 1148198 1148202 1148303 1148363 1148379 1148394 1148527 1148574 1148616 1148617 1148619 1148859 1148868 1148931 1149053 1149083 1149104 1149105 1149106 1149197 1149214 1149224 1149325 1149376 1149413 1149418 1149424 1149522 1149527 1149539 1149552 1149591 1149602 1149612 1149626 1149652 1149713 1149940 1149976 1150025 1150033 1150112 1150562 1150727 1150860 1150861 1150933 1151793 1154401 1154884 1154887 1156188 1159639 CVE-2017-11613 CVE-2017-18013 CVE-2017-18551 CVE-2018-0886 CVE-2018-1000852 CVE-2018-10861 CVE-2018-10963 CVE-2018-1128 CVE-2018-1129 CVE-2018-13302 CVE-2018-14662 CVE-2018-16846 CVE-2018-1999010 CVE-2018-1999011 CVE-2018-1999012 CVE-2018-1999013 CVE-2018-20976 CVE-2018-21008 CVE-2018-7456 CVE-2018-8784 CVE-2018-8785 CVE-2018-8786 CVE-2018-8787 CVE-2018-8788 CVE-2018-8789 CVE-2018-8905 CVE-2019-0804 CVE-2019-1010180 CVE-2019-10207 CVE-2019-11041 CVE-2019-11042 CVE-2019-12290 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14835 CVE-2019-15030 CVE-2019-15031 CVE-2019-15090 CVE-2019-15098 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15222 CVE-2019-15239 CVE-2019-15290 CVE-2019-15292 CVE-2019-15538 CVE-2019-15666 CVE-2019-15902 CVE-2019-15917 CVE-2019-15919 CVE-2019-15920 CVE-2019-15921 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-18224 CVE-2019-18804 CVE-2019-6486 CVE-2019-8595 CVE-2019-8607 CVE-2019-8615 CVE-2019-8644 CVE-2019-8649 CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 CVE-2019-8676 CVE-2019-8677 CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-9456 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516 SUSE-SU-2018:1889-1 SUSE-SU-2018:2305-1 SUSE-SU-2019:0539-1 SUSE-SU-2019:0586-1 SUSE-SU-2019:0651-1 SUSE-SU-2019:2428-1 SUSE-SU-2019:2503-1 SUSE-SU-2019:2559-1 SUSE-SU-2019:2902-1 SUSE-SU-2019:3033-1 SUSE-SU-2019:3086-1 SUSE-SU-2019:3393-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15 SP1 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 12 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information ruby2.1-rubygem-chef-10.32.2-3 is installed OR rubygem-chef-10.32.2-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information MozillaFirefox-31.1.0esr-1 is installed OR MozillaFirefox-translations-31.1.0esr-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libtirpc-0.2.3-13.3 is installed OR libtirpc1-0.2.3-13.3 is installed OR libtirpc1-32bit-0.2.3-13.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information xen-4.7.1_02-25 is installed OR xen-libs-4.7.1_02-25 is installed OR xen-libs-32bit-4.7.1_02-25 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND libmodplug1-0.8.9.0+git20170610.f6dd59a-15.4 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 is installed AND Package Information libgudev-1_0-0-210-70.58.1 is installed OR libgudev-1_0-0-32bit-210-70.58.1 is installed OR libudev1-210-70.58.1 is installed OR libudev1-32bit-210-70.58.1 is installed OR systemd-210-70.58.1 is installed OR systemd-32bit-210-70.58.1 is installed OR systemd-bash-completion-210-70.58.1 is installed OR systemd-sysvinit-210-70.58.1 is installed OR udev-210-70.58.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND ctdb-4.4.2-29 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND ctdb-4.6.5+git.27.6afd48b1083-2 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND python-requests-2.11.1-6.28 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information fence-agents-4.4.0+git.1558595666.5f79f9e9-4.6 is installed OR fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-4.6 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 SP1 is installed AND Package Information cluster-md-kmp-default-4.12.14-197.4 is installed OR dlm-kmp-default-4.12.14-197.4 is installed OR gfs2-kmp-default-4.12.14-197.4 is installed OR kernel-default-4.12.14-197.4 is installed OR ocfs2-kmp-default-4.12.14-197.4 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information php7-7.2.5-4.35 is installed OR php7-embed-7.2.5-4.35 is installed Definition Synopsis SUSE Linux Enterprise Module for Containers 12 is installed AND docker-1.6.2-31 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information libtiff5-32bit-4.0.9-5.9 is installed OR tiff-4.0.9-5.9 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 12 is installed AND Package Information libslurm29-16.05.8.1-5 is installed OR perl-slurm-16.05.8.1-5 is installed OR slurm-16.05.8.1-5 is installed OR slurm-auth-none-16.05.8.1-5 is installed OR slurm-devel-16.05.8.1-5 is installed OR slurm-doc-16.05.8.1-5 is installed OR slurm-lua-16.05.8.1-5 is installed OR slurm-munge-16.05.8.1-5 is installed OR slurm-pam_slurm-16.05.8.1-5 is installed OR slurm-plugins-16.05.8.1-5 is installed OR slurm-sched-wiki-16.05.8.1-5 is installed OR slurm-slurmdbd-16.05.8.1-5 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information libpmi0-17.11.7-6.3 is installed OR libslurm32-17.11.7-6.3 is installed OR perl-slurm-17.11.7-6.3 is installed OR slurm-17.11.7-6.3 is installed OR slurm-auth-none-17.11.7-6.3 is installed OR slurm-config-17.11.7-6.3 is installed OR slurm-devel-17.11.7-6.3 is installed OR slurm-doc-17.11.7-6.3 is installed OR slurm-lua-17.11.7-6.3 is installed OR slurm-munge-17.11.7-6.3 is installed OR slurm-node-17.11.7-6.3 is installed OR slurm-pam_slurm-17.11.7-6.3 is installed OR slurm-plugins-17.11.7-6.3 is installed OR slurm-slurmdbd-17.11.7-6.3 is installed OR slurm-sql-17.11.7-6.3 is installed OR slurm-torque-17.11.7-6.3 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information libmunge2-0.5.13-4.3 is installed OR munge-0.5.13-4.3 is installed OR munge-devel-0.5.13-4.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information libopenssl0_9_8-0.9.8j-59 is installed OR libopenssl0_9_8-32bit-0.9.8j-59 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information kernel-default-4.12.14-25.16 is installed OR reiserfs-kmp-default-4.12.14-25.16 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.35-3.20 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.35-3.20 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.35-3.20 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.35-3.20 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_6-default-3-2 is installed OR kernel-livepatch-SLE15_Update_2-3-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_10-default-2-2 is installed OR kernel-livepatch-SLE15-SP1_Update_3-2-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information kernel-default-4.12.14-150.35 is installed OR kernel-default-base-4.12.14-150.35 is installed OR kernel-docs-4.12.14-150.35 is installed OR kernel-docs-html-4.12.14-150.35 is installed OR kernel-obs-qa-4.12.14-150.35 is installed OR kselftests-kmp-default-4.12.14-150.35 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information gnutls-3.6.7-6.11 is installed OR gnutls-guile-3.6.7-6.11 is installed OR libgnutls-devel-32bit-3.6.7-6.11 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information MozillaFirefox-68.6.0-3.75 is installed OR MozillaFirefox-branding-upstream-68.6.0-3.75 is installed OR MozillaFirefox-buildsymbols-68.6.0-3.75 is installed OR MozillaFirefox-devel-68.6.0-3.75 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-pycrypto-2.6.1-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information ovmf-2017+git1510945757.b2662641d5-5.14 is installed OR ovmf-tools-2017+git1510945757.b2662641d5-5.14 is installed OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-5.14 is installed OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-5.14 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information nginx-1.14.2-6.3 is installed OR nginx-source-1.14.2-6.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information libpython3_4m1_0-3.4.1-2 is installed OR python3-base-3.4.1-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information apache2-mod_php7-7.2.5-4.32 is installed OR php7-7.2.5-4.32 is installed OR php7-bcmath-7.2.5-4.32 is installed OR php7-bz2-7.2.5-4.32 is installed OR php7-calendar-7.2.5-4.32 is installed OR php7-ctype-7.2.5-4.32 is installed OR php7-curl-7.2.5-4.32 is installed OR php7-dba-7.2.5-4.32 is installed OR php7-devel-7.2.5-4.32 is installed OR php7-dom-7.2.5-4.32 is installed OR php7-enchant-7.2.5-4.32 is installed OR php7-exif-7.2.5-4.32 is installed OR php7-fastcgi-7.2.5-4.32 is installed OR php7-fileinfo-7.2.5-4.32 is installed OR php7-fpm-7.2.5-4.32 is installed OR php7-ftp-7.2.5-4.32 is installed OR php7-gd-7.2.5-4.32 is installed OR php7-gettext-7.2.5-4.32 is installed OR php7-gmp-7.2.5-4.32 is installed OR php7-iconv-7.2.5-4.32 is installed OR php7-intl-7.2.5-4.32 is installed OR php7-json-7.2.5-4.32 is installed OR php7-ldap-7.2.5-4.32 is installed OR php7-mbstring-7.2.5-4.32 is installed OR php7-mysql-7.2.5-4.32 is installed OR php7-odbc-7.2.5-4.32 is installed OR php7-opcache-7.2.5-4.32 is installed OR php7-openssl-7.2.5-4.32 is installed OR php7-pcntl-7.2.5-4.32 is installed OR php7-pdo-7.2.5-4.32 is installed OR php7-pear-7.2.5-4.32 is installed OR php7-pear-Archive_Tar-7.2.5-4.32 is installed OR php7-pgsql-7.2.5-4.32 is installed OR php7-phar-7.2.5-4.32 is installed OR php7-posix-7.2.5-4.32 is installed OR php7-shmop-7.2.5-4.32 is installed OR php7-snmp-7.2.5-4.32 is installed OR php7-soap-7.2.5-4.32 is installed OR php7-sockets-7.2.5-4.32 is installed OR php7-sodium-7.2.5-4.32 is installed OR php7-sqlite-7.2.5-4.32 is installed OR php7-sysvmsg-7.2.5-4.32 is installed OR php7-sysvsem-7.2.5-4.32 is installed OR php7-sysvshm-7.2.5-4.32 is installed OR php7-tokenizer-7.2.5-4.32 is installed OR php7-wddx-7.2.5-4.32 is installed OR php7-xmlreader-7.2.5-4.32 is installed OR php7-xmlrpc-7.2.5-4.32 is installed OR php7-xmlwriter-7.2.5-4.32 is installed OR php7-xsl-7.2.5-4.32 is installed OR php7-zip-7.2.5-4.32 is installed OR php7-zlib-7.2.5-4.32 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs10-10.16.3-1.12 is installed OR nodejs10-devel-10.16.3-1.12 is installed OR nodejs10-docs-10.16.3-1.12 is installed OR npm10-10.16.3-1.12 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-1 is installed OR aaa_base-extras-13.2+git20140911.61c1681-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information DirectFB-1.7.1-4 is installed OR lib++dfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-1.7.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libXvMC1-1.0.8-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information accountsservice-0.6.42-14 is installed OR accountsservice-lang-0.6.42-14 is installed OR libaccountsservice0-0.6.42-14 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed Definition Synopsis SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information vorbis-tools-1.4.0-26 is installed OR vorbis-tools-lang-1.4.0-26 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND Package Information e2fsprogs-1.42.11-7.1 is installed OR e2fsprogs-devel-1.42.11-7.1 is installed OR libcom_err-devel-1.42.11-7.1 is installed OR libext2fs-devel-1.42.11-7.1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND rpm-devel-4.11.2-10.1 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND Package Information freerdp-2.0.0~git.1463131968.4e66df7-11.69 is installed OR libfreerdp2-2.0.0~git.1463131968.4e66df7-11.69 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-25.3 is installed OR kernel-default-extra-4.12.14-25.3 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information evolution-3.26.6-4.3 is installed OR evolution-devel-3.26.6-4.3 is installed OR evolution-lang-3.26.6-4.3 is installed OR evolution-plugin-bogofilter-3.26.6-4.3 is installed OR evolution-plugin-pst-import-3.26.6-4.3 is installed OR evolution-plugin-spamassassin-3.26.6-4.3 is installed
BACK