Oval Definition:oval:org.opensuse.security:def:51068
Revision Date:2020-12-01Version:1
Title:Security update for tiff (Moderate)
Description:

This update for tiff fixes the following security issues:

These security issues were fixed:

- CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408).
Family:unixClass:patch
Status:Reference(s):1012382
1031392
1050549
1051510
1052904
1053043
1055117
1055120
1055121
1061840
1065600
1065729
1070872
1074317
1082332
1082519
1082555
1082825
1083647
1085030
1085535
1085536
1086408
1088804
1090078
1092949
1094244
1097583
1097584
1097585
1097586
1097587
1097588
1098782
1100132
1101669
1102495
1103259
1103269
1103405
1103587
1103636
1104888
1105190
1105795
1106105
1106240
1106948
1107783
1107829
1107928
1107947
1108096
1108170
1108281
1108323
1108399
1108823
1109244
1109333
1109336
1109337
1109603
1109806
1109859
1109979
1109992
1110006
1110301
1110363
1110639
1110642
1110643
1110644
1110645
1110646
1110647
1110649
1110650
1111331
1112128
1112178
1113399
1113722
1114279
1114542
1114638
1119086
1119680
1120318
1120902
1122292
1122293
1122299
1122767
1123105
1124493
1125342
1126221
1126356
1126704
1126740
1127175
1127371
1127372
1127374
1127378
1127445
1128158
1128415
1128544
1129276
1129770
1130130
1130154
1130195
1130335
1130336
1130337
1130338
1130425
1130427
1130518
1130527
1130567
1131062
1131107
1131167
1131168
1131169
1131170
1131171
1131172
1131173
1131174
1131175
1131176
1131177
1131178
1131179
1131180
1131290
1131335
1131336
1131416
1131427
1131442
1131467
1131574
1131587
1131659
1131673
1131847
1131848
1131851
1131900
1131934
1131935
1132083
1132219
1132226
1132227
1132365
1132368
1132369
1132370
1132372
1132373
1132384
1132397
1132402
1132403
1132404
1132405
1132407
1132411
1132412
1132413
1132414
1132426
1132527
1132531
1132555
1132558
1132561
1132562
1132563
1132564
1132570
1132571
1132572
1132589
1132618
1132681
1132726
1132828
1132943
1133005
1133094
1133095
1133115
1133149
1133486
1133529
1133584
1133667
1133668
1133672
1133674
1133675
1133698
1133702
1133731
1133769
1133772
1133774
1133778
1133779
1133780
1133825
1133850
1133851
1133852
1142721
1142743
1155798
1165692
1168468
1171675
1171688
1171746
1171863
1171864
1171866
1172140
1172348
1172356
1172437
1173477
1174003
1174098
1174157
1174543
1174662
1175599
1175621
1175807
1176019
1176400
1176907
1176979
1177090
1177109
1177121
1177193
1177194
1177206
1177258
1177271
1177283
1177284
1177285
1177286
1177297
1177384
1177409
1177412
1177413
1177414
1177511
1177617
1177681
1177683
1177687
1177694
1177697
1177719
1177724
1177725
1177726
1177943
954532
CVE-2009-0163
CVE-2009-2820
CVE-2009-3553
CVE-2010-0393
CVE-2010-0540
CVE-2010-0542
CVE-2010-1748
CVE-2010-2941
CVE-2012-5519
CVE-2012-6094
CVE-2013-6473
CVE-2013-6474
CVE-2013-6475
CVE-2013-6476
CVE-2014-2707
CVE-2014-2856
CVE-2014-3537
CVE-2014-4336
CVE-2014-4337
CVE-2014-4338
CVE-2014-5029
CVE-2014-5030
CVE-2014-5031
CVE-2017-11613
CVE-2017-18013
CVE-2017-18922
CVE-2018-1000199
CVE-2018-10963
CVE-2018-11212
CVE-2018-11782
CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2018-14633
CVE-2018-16880
CVE-2018-17182
CVE-2018-1890
CVE-2018-7456
CVE-2018-8905
CVE-2019-0203
CVE-2019-11091
CVE-2019-15666
CVE-2019-2422
CVE-2019-2449
CVE-2019-3820
CVE-2019-3882
CVE-2019-9003
CVE-2019-9500
CVE-2019-9503
CVE-2020-10543
CVE-2020-10757
CVE-2020-10878
CVE-2020-12351
CVE-2020-12352
CVE-2020-12723
CVE-2020-14556
CVE-2020-14577
CVE-2020-14578
CVE-2020-14579
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-14779
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803
CVE-2020-24490
CVE-2020-25641
CVE-2020-25643
CVE-2020-25645
CVE-2020-27670
CVE-2020-27671
CVE-2020-27672
CVE-2020-27673
CVE-2020-9862
CVE-2020-9893
CVE-2020-9894
CVE-2020-9895
CVE-2020-9915
CVE-2020-9925
SUSE-SU-2018:1889-1
SUSE-SU-2018:3158-1
SUSE-SU-2019:0585-1
SUSE-SU-2019:1459-1
SUSE-SU-2019:2031-1
SUSE-SU-2020:1671-1
SUSE-SU-2020:1682-1
SUSE-SU-2020:1873-1
SUSE-SU-2020:2158-1
SUSE-SU-2020:2980-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND ruby-1.8.7.p357-0.9.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • MozillaFirefox-38.7.0esr-37 is installed
  • OR MozillaFirefox-translations-38.7.0esr-37 is installed
  • OR libfreebl3-3.20.2-28 is installed
  • OR libfreebl3-32bit-3.20.2-28 is installed
  • OR libsoftokn3-3.20.2-28 is installed
  • OR libsoftokn3-32bit-3.20.2-28 is installed
  • OR mozilla-nspr-4.12-24 is installed
  • OR mozilla-nspr-32bit-4.12-24 is installed
  • OR mozilla-nss-3.20.2-28 is installed
  • OR mozilla-nss-32bit-3.20.2-28 is installed
  • OR mozilla-nss-tools-3.20.2-28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • cups-1.7.5-2 is installed
  • OR cups-client-1.7.5-2 is installed
  • OR cups-libs-1.7.5-2 is installed
  • OR cups-libs-32bit-1.7.5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • accountsservice-0.6.35-3 is installed
  • OR accountsservice-lang-0.6.35-3 is installed
  • OR libaccountsservice0-0.6.35-3 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.35-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND busybox-1.21.1-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • file-5.19-9 is installed
  • OR file-magic-5.19-9 is installed
  • OR libmagic1-5.19-9 is installed
  • OR libmagic1-32bit-5.19-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND hyper-v-7-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-4.19 is installed
  • OR libvncserver0-0.9.10-4.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • AND Package Information
  • libtiff5-32bit-4.0.9-5.9 is installed
  • OR tiff-4.0.9-5.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.30-3.16 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.30-3.16 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.30-3.16 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.30-3.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.22 is installed
  • OR kernel-default-livepatch-4.12.14-25.22 is installed
  • OR kernel-livepatch-4_12_14-25_22-default-1-1.3 is installed
  • OR kernel-livepatch-SLE15_Update_6-1-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-32bit-2.28.4-3.6 is installed
  • OR libwebkit2gtk-4_0-37-32bit-2.28.4-3.6 is installed
  • OR webkit-jsc-4-2.28.4-3.6 is installed
  • OR webkit2gtk3-2.28.4-3.6 is installed
  • OR webkit2gtk3-minibrowser-2.28.4-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • subversion-1.10.6-3.6 is installed
  • OR subversion-server-1.10.6-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • xen-4.12.3_06-3.25 is installed
  • OR xen-devel-4.12.3_06-3.25 is installed
  • OR xen-tools-4.12.3_06-3.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • dhcp-4.3.3-9 is installed
  • OR dhcp-client-4.3.3-9 is installed
  • OR dhcp-relay-4.3.3-9 is installed
  • OR dhcp-server-4.3.3-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_63-default-6-2 is installed
  • OR kgraft-patch-3_12_74-60_64_63-xen-6-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_22-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND cifs-utils-6.5-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-firmware-20170530-21.22 is installed
  • OR ucode-amd-20170530-21.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • git-2.12.3-27.14 is installed
  • OR git-core-2.12.3-27.14 is installed
  • OR git-doc-2.12.3-27.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libwireshark9-2.4.9-48.29 is installed
  • OR libwiretap7-2.4.9-48.29 is installed
  • OR libwscodecs1-2.4.9-48.29 is installed
  • OR libwsutil8-2.4.9-48.29 is installed
  • OR wireshark-2.4.9-48.29 is installed
  • OR wireshark-gtk-2.4.9-48.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • colord-gtk-lang-0.1.26-6 is installed
  • OR libcolord-gtk1-0.1.26-6 is installed
  • OR libcolord2-1.3.3-12 is installed
  • OR libcolord2-32bit-1.3.3-12 is installed
  • OR libcolorhug2-1.3.3-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • glib2-2.48.2-12.15 is installed
  • OR glib2-lang-2.48.2-12.15 is installed
  • OR glib2-tools-2.48.2-12.15 is installed
  • OR libgio-2_0-0-2.48.2-12.15 is installed
  • OR libgio-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libglib-2_0-0-2.48.2-12.15 is installed
  • OR libglib-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-2.48.2-12.15 is installed
  • OR libgmodule-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-2.48.2-12.15 is installed
  • OR libgobject-2_0-0-32bit-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-2.48.2-12.15 is installed
  • OR libgthread-2_0-0-32bit-2.48.2-12.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libsolv-0.6.36-2.16 is installed
  • OR libsolv-tools-0.6.36-2.16 is installed
  • OR libzypp-16.20.0-2.39 is installed
  • OR perl-solv-0.6.36-2.16 is installed
  • OR python-solv-0.6.36-2.16 is installed
  • OR zypper-1.13.51-21.26 is installed
  • OR zypper-log-1.13.51-21.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.8 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.8 is installed
  • OR python-2.7.13-28.8 is installed
  • OR python-32bit-2.7.13-28.8 is installed
  • OR python-base-2.7.13-28.8 is installed
  • OR python-base-32bit-2.7.13-28.8 is installed
  • OR python-curses-2.7.13-28.8 is installed
  • OR python-demo-2.7.13-28.8 is installed
  • OR python-doc-2.7.13-28.8 is installed
  • OR python-doc-pdf-2.7.13-28.8 is installed
  • OR python-gdbm-2.7.13-28.8 is installed
  • OR python-idle-2.7.13-28.8 is installed
  • OR python-tk-2.7.13-28.8 is installed
  • OR python-xml-2.7.13-28.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND coolkey-1.1.0-148.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • perl-5.26.1-7.12 is installed
  • OR perl-base-5.26.1-7.12 is installed
  • OR perl-base-32bit-5.26.1-7.12 is installed
  • OR perl-doc-5.26.1-7.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-150.17 is installed
  • OR kernel-default-extra-4.12.14-150.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.29 is installed
  • OR kernel-default-extra-5.3.18-24.29 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND ntp-4.2.8p4-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • storm-1.0.5-5 is installed
  • OR storm-nimbus-1.0.5-5 is installed
  • OR storm-supervisor-1.0.5-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • dovecot22-2.2.31-19.17 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.17 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.17 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.17 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND couchdb-1.7.2-3.6 is installed
    • BACK