Oval Definition:oval:org.opensuse.security:def:56530
Revision Date:2020-12-01Version:1
Title:Security update for tiff (Moderate)
Description:

This update for tiff fixes the following issues:

These security issues were fixed:

- CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c allowed remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (bsc#1092949) - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825) - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332) - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408) - CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276) - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621)
Family:unixClass:patch
Status:Reference(s):1007276
1013992
1013993
1022043
1046856
1074317
1076017
1079405
1080074
1082332
1082825
1083488
1085114
1085447
1086408
1087066
1087102
1090023
1090024
1090025
1090026
1090027
1090028
1090029
1090030
1090032
1090033
1092548
1092885
1092949
1109756
1129180
1131863
1134156
1140359
1146882
1146884
865241
910683
914442
937766
945582
950110
950111
955210
974621
CVE-2008-4225
CVE-2008-4226
CVE-2008-4409
CVE-2012-2417
CVE-2012-5134
CVE-2013-1445
CVE-2014-1829
CVE-2014-1830
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
CVE-2014-8738
CVE-2014-9636
CVE-2014-9913
CVE-2015-2296
CVE-2015-4000
CVE-2015-6908
CVE-2015-7696
CVE-2015-7697
CVE-2016-3632
CVE-2016-8331
CVE-2016-9844
CVE-2017-1000083
CVE-2017-11613
CVE-2017-13166
CVE-2017-13726
CVE-2017-18013
CVE-2017-2592
CVE-2018-0739
CVE-2018-1000004
CVE-2018-1000035
CVE-2018-1068
CVE-2018-10963
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815
CVE-2018-3639
CVE-2018-5150
CVE-2018-5154
CVE-2018-5155
CVE-2018-5157
CVE-2018-5158
CVE-2018-5159
CVE-2018-5168
CVE-2018-5174
CVE-2018-5178
CVE-2018-5183
CVE-2018-7456
CVE-2018-7566
CVE-2018-8905
CVE-2019-12973
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
CVE-2019-3835
CVE-2019-3839
SUSE-SU-2016:0224-1
SUSE-SU-2017:1894-1
SUSE-SU-2018:0902-1
SUSE-SU-2018:1014-1
SUSE-SU-2018:1334-1
SUSE-SU-2018:1362-1
SUSE-SU-2018:1690-1
SUSE-SU-2018:1826-1
SUSE-SU-2018:2978-1
SUSE-SU-2018:3924-1
SUSE-SU-2019:2478-1
SUSE-SU-403
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND lftp-4.8.3-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • ncat-7.70-lp151.3.3 is installed
  • OR ndiff-7.70-lp151.3.3 is installed
  • OR nmap-7.70-lp151.3.3 is installed
  • OR nping-7.70-lp151.3.3 is installed
  • OR zenmap-7.70-lp151.3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libtiff5-4.0.9-44.15 is installed
  • OR libtiff5-32bit-4.0.9-44.15 is installed
  • OR tiff-4.0.9-44.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND python-libxml2-2.9.1-10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • java-1_8_0-openjdk-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
  • OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND binutils-2.26.1-9.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • cups-1.7.5-20.29 is installed
  • OR cups-client-1.7.5-20.29 is installed
  • OR cups-libs-1.7.5-20.29 is installed
  • OR cups-libs-32bit-1.7.5-20.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_103-92_53-default-10-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_16-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gstreamer-plugins-good-1.8.3-15 is installed
  • OR gstreamer-plugins-good-lang-1.8.3-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libsolv-0.6.36-2.16 is installed
  • OR libsolv-tools-0.6.36-2.16 is installed
  • OR libzypp-16.20.0-2.39 is installed
  • OR perl-solv-0.6.36-2.16 is installed
  • OR python-solv-0.6.36-2.16 is installed
  • OR zypper-1.13.51-21.26 is installed
  • OR zypper-log-1.13.51-21.26 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND unzip-6.00-33.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • gstreamer-plugins-good-1.8.3-15 is installed
  • OR gstreamer-plugins-good-lang-1.8.3-15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-pycrypto-2.6.1-2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • python-oslo.cache-1.14.1-3.3 is installed
  • OR python-oslo.concurrency-3.14.1-3.3 is installed
  • OR python-oslo.db-4.13.6-3.3 is installed
  • OR python-oslo.log-3.16.1-3.3 is installed
  • OR python-oslo.messaging-5.10.2-3.6 is installed
  • OR python-oslo.middleware-3.19.1-4.3 is installed
  • OR python-oslo.serialization-2.13.2-3.3 is installed
  • OR python-oslo.service-1.16.1-3.3 is installed
  • OR python-oslo.utils-3.16.1-3.3 is installed
  • OR python-oslo.versionedobjects-1.17.1-3.3 is installed
  • OR python-oslo.vmware-2.14.1-3.3 is installed
  • OR python-oslotest-2.10.1-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr6.0-30.60 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr6.0-30.60 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr6.0-30.60 is installed
    • BACK