Oval Definition:	oval:org.opensuse.security:def:2660
Revision Date: 2020-12-02 Version: 1 Title: Security update for tiff (Moderate) Description: This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480) - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Family: unix Class: patch Status: Reference(s): 1017693 1046299 1046303 1046305 1050244 1050536 1050545 1051510 1054594 1055186 1061840 1064802 1065600 1066129 1073513 1076410 1081516 1082635 1082696 1083647 1086323 1087092 1089644 1090631 1092480 1093205 1096254 1097583 1097584 1097585 1097586 1097587 1097588 1098291 1101674 1102604 1104662 1104841 1105361 1106420 1106853 1107507 1107944 1108086 1108395 1108627 1108637 1109158 1109412 1109413 1109414 1110194 1110279 1110358 1111996 1112182 1112534 1112535 1113247 1113252 1113255 1114279 1115015 1115022 1115025 1115717 1116827 1116998 1117058 1117665 1118644 1118830 1118831 1118952 1119461 1119465 1119558 1120114 1120115 1120116 1120117 1120118 1120119 1120120 1120121 1120122 1120640 1120813 1121034 1121035 1121056 1121816 1121821 1123034 1123080 1123642 1124667 1125665 1125687 1126325 1127458 1129528 1130129 1130840 1133131 1133140 1133232 1134303 1135642 1135854 1135873 1135966 1135967 1137040 1137799 1137990 1138190 1139073 1140090 1140729 1140845 1140883 1141600 1141913 1142635 1142667 1142772 1143706 1144338 1144375 1144449 1144903 1145099 1146612 1148410 1149119 1149429 1149955 1150452 1150457 1150465 1150875 1151186 1151508 1152590 1152624 1152685 1152788 1152791 1153112 1153158 1153236 1153238 1153263 1153423 1153476 1153509 1153646 1153713 1153717 1153718 1153719 1153811 1153869 1153969 1154016 1154025 1154108 1154189 1154354 1154372 1154578 1154607 1154608 1154610 1154611 1154651 1154737 1154738 1154747 1154848 1154858 1154905 1155178 1155179 1155184 1155186 1155671 990460 CVE-2016-10092 CVE-2016-10093 CVE-2016-10094 CVE-2016-6223 CVE-2017-12944 CVE-2018-1000876 CVE-2018-10779 CVE-2018-11713 CVE-2018-12207 CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 CVE-2018-15126 CVE-2018-15127 CVE-2018-16335 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2018-17100 CVE-2018-17101 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17795 CVE-2018-17985 CVE-2018-18309 CVE-2018-18384 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19210 CVE-2018-19931 CVE-2018-19932 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-4162 CVE-2018-4163 CVE-2018-4165 CVE-2018-4191 CVE-2018-4197 CVE-2018-4207 CVE-2018-4208 CVE-2018-4209 CVE-2018-4210 CVE-2018-4212 CVE-2018-4213 CVE-2018-4299 CVE-2018-4306 CVE-2018-4309 CVE-2018-4312 CVE-2018-4314 CVE-2018-4315 CVE-2018-4316 CVE-2018-4317 CVE-2018-4318 CVE-2018-4319 CVE-2018-4323 CVE-2018-4328 CVE-2018-4345 CVE-2018-4358 CVE-2018-4359 CVE-2018-4361 CVE-2018-4372 CVE-2018-4373 CVE-2018-4375 CVE-2018-4376 CVE-2018-4378 CVE-2018-4382 CVE-2018-4386 CVE-2018-4392 CVE-2018-4416 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2018-6307 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-0154 CVE-2019-0155 CVE-2019-1010180 CVE-2019-10220 CVE-2019-11135 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-15903 CVE-2019-16056 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16935 CVE-2019-16995 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-3840 CVE-2019-6109 CVE-2019-6111 CVE-2019-9947 SUSE-SU-2018:3327-1 SUSE-SU-2018:4008-1 SUSE-SU-2019:0080-1 SUSE-SU-2019:0092-1 SUSE-SU-2019:0334-1 SUSE-SU-2019:0496-1 SUSE-SU-2019:0540-1 SUSE-SU-2019:0707-1 SUSE-SU-2019:0936-1 SUSE-SU-2019:2743-1 SUSE-SU-2019:2780-1 SUSE-SU-2019:2871-1 Platform(s): SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Availability 12 SP3 SUSE Linux Enterprise High Availability 12 SP4 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for High Performance Computing 15 SUSE Linux Enterprise Module for High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 11 SP1-CLIENT-TOOLS SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 Product(s): Definition Synopsis SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND python-Beaker-1.6.4-0.7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND cifs-utils-6.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information accountsservice-0.6.35-3 is installed OR accountsservice-lang-0.6.35-3 is installed OR libaccountsservice0-0.6.35-3 is installed OR typelib-1_0-AccountsService-1_0-0.6.35-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information gvim-7.4.326-7 is installed OR vim-7.4.326-7 is installed OR vim-data-7.4.326-7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libpng16-16-1.6.8-14 is installed OR libpng16-16-32bit-1.6.8-14 is installed Definition Synopsis SUSE Linux Enterprise for SAP 12 is installed AND Package Information kgraft-patch-3_12_60-52_54-default-4-2.1 is installed OR kgraft-patch-3_12_60-52_54-xen-4-2.1 is installed OR kgraft-patch-SLE12_Update_15-4-2.1 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP2 is installed AND Package Information cluster-md-kmp-default-4.4.21-69 is installed OR cluster-network-kmp-default-4.4.21-69 is installed OR dlm-kmp-default-4.4.21-69 is installed OR gfs2-kmp-default-4.4.21-69 is installed OR ocfs2-kmp-default-4.4.21-69 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP3 is installed AND conntrack-tools-1.4.2-5 is installed Definition Synopsis SUSE Linux Enterprise High Availability 12 SP4 is installed AND haproxy-1.6.11-10 is installed Definition Synopsis SUSE Linux Enterprise High Availability 15 is installed AND Package Information ctdb-4.7.8+git.86.94b6d10f7dd-4.15 is installed OR samba-4.7.8+git.86.94b6d10f7dd-4.15 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information avahi-0.6.32-5.5 is installed OR python-avahi-0.6.32-5.5 is installed OR samba-4.7.11+git.153.b36ceaf2235-4.27 is installed OR samba-python-4.7.11+git.153.b36ceaf2235-4.27 is installed Definition Synopsis SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed AND Package Information puppet-3.6.2-3 is installed OR puppet-server-3.6.2-3 is installed Definition Synopsis SUSE Linux Enterprise Module for Containers 12 is installed AND python-PyYAML-3.10-15 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information libtiff5-32bit-4.0.9-5.14 is installed OR tiff-4.0.9-5.14 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 is installed AND Package Information libpmi0-17.11.13-6.18 is installed OR libslurm32-17.11.13-6.18 is installed OR perl-slurm-17.11.13-6.18 is installed OR slurm-17.11.13-6.18 is installed OR slurm-auth-none-17.11.13-6.18 is installed OR slurm-config-17.11.13-6.18 is installed OR slurm-devel-17.11.13-6.18 is installed OR slurm-doc-17.11.13-6.18 is installed OR slurm-lua-17.11.13-6.18 is installed OR slurm-munge-17.11.13-6.18 is installed OR slurm-node-17.11.13-6.18 is installed OR slurm-pam_slurm-17.11.13-6.18 is installed OR slurm-plugins-17.11.13-6.18 is installed OR slurm-slurmdbd-17.11.13-6.18 is installed OR slurm-sql-17.11.13-6.18 is installed OR slurm-torque-17.11.13-6.18 is installed Definition Synopsis SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed AND Package Information libslurm32-17.11.13-6.18 is installed OR slurm-17.11.13-6.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information cups154-1.5.4-2 is installed OR cups154-client-1.5.4-2 is installed OR cups154-filters-1.5.4-2 is installed OR cups154-libs-1.5.4-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information java-1_8_0-openjdk-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-demo-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-devel-1.8.0.171-3.3 is installed OR java-1_8_0-openjdk-headless-1.8.0.171-3.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.7 is installed OR reiserfs-kmp-default-4.12.14-197.7 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-default-4.12.14-25.13 is installed OR kernel-default-livepatch-4.12.14-25.13 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-195-default-5-13 is installed OR kernel-livepatch-SLE15-SP1_Update_0-5-13 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information python-2.7.14-7.24 is installed OR python-demo-2.7.14-7.24 is installed OR python-doc-2.7.14-7.24 is installed OR python-doc-pdf-2.7.14-7.24 is installed OR python-idle-2.7.14-7.24 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information jakarta-commons-fileupload-1.1.1-4.3 is installed OR jakarta-commons-fileupload-javadoc-1.1.1-4.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information cups-2.2.7-3.17 is installed OR cups-devel-32bit-2.2.7-3.17 is installed OR libcupscgi1-32bit-2.2.7-3.17 is installed OR libcupsimage2-32bit-2.2.7-3.17 is installed OR libcupsmime1-32bit-2.2.7-3.17 is installed OR libcupsppdc1-32bit-2.2.7-3.17 is installed Definition Synopsis SUSE Linux Enterprise Module for Public Cloud 12 is installed AND python-requests-2.3.0-1 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information apache2-2.4.33-3.21 is installed OR apache2-devel-2.4.33-3.21 is installed OR apache2-doc-2.4.33-3.21 is installed OR apache2-prefork-2.4.33-3.21 is installed OR apache2-utils-2.4.33-3.21 is installed OR apache2-worker-2.4.33-3.21 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 is installed AND Package Information nodejs10-10.16.0-1.9 is installed OR nodejs10-devel-10.16.0-1.9 is installed OR nodejs10-docs-10.16.0-1.9 is installed OR npm10-10.16.0-1.9 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.15.1-3.17 is installed OR nodejs8-devel-8.15.1-3.17 is installed OR nodejs8-docs-8.15.1-3.17 is installed OR npm8-8.15.1-3.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information DirectFB-1.7.1-4 is installed OR lib++dfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-1.7.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libicu-doc-52.1-7 is installed OR libicu52_1-52.1-7 is installed OR libicu52_1-32bit-52.1-7 is installed OR libicu52_1-data-52.1-7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND apache2-mod_perl-2.0.8-11 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 is installed AND augeas-devel-1.2.0-1 is installed Definition Synopsis SUSE Linux Enterprise Software Development Kit 12 SP2 is installed AND Package Information ant-1.9.4-1.6 is installed OR ant-jmf-1.9.4-1.6 is installed OR ant-scripts-1.9.4-1.6 is installed OR ant-swing-1.9.4-1.6 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND libproxy1-networkmanager-32bit-0.4.13-16.6 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-25.13 is installed OR kernel-default-extra-4.12.14-25.13 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information openconnect-7.08-6.3 is installed OR openconnect-devel-7.08-6.3 is installed OR openconnect-lang-7.08-6.3 is installed
BACK