Oval Definition:	oval:org.opensuse.security:def:56630
Revision Date: 2020-12-01 Version: 1 Title: Security update for tiff (Moderate) Description: This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) Family: unix Class: patch Status: Reference(s): 1012422 1045205 1050231 1052311 1052368 1066569 1066693 1067678 1068032 1068386 1068671 1070771 1070781 1071074 1071470 1071693 1071694 1071695 1072561 1072876 1076390 1081557 1082810 1100973 1106853 1108627 1108637 1110358 1122292 1122299 1129180 1131863 1134156 1140359 1141780 1141782 1141783 1141785 1141787 1141789 1145092 1145559 1146882 1146884 1147021 1171252 1171254 929900 955131 958861 969785 984802 988729 991344 999701 CVE-2013-1990 CVE-2013-1999 CVE-2015-8000 CVE-2016-2851 CVE-2016-4985 CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 CVE-2017-1000112 CVE-2017-11600 CVE-2017-11613 CVE-2017-12636 CVE-2017-13167 CVE-2017-15115 CVE-2017-15868 CVE-2017-16534 CVE-2017-16538 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-18190 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-8824 CVE-2017-9935 CVE-2018-11212 CVE-2018-16335 CVE-2018-17100 CVE-2018-17101 CVE-2018-17795 CVE-2018-2579 CVE-2018-2582 CVE-2018-2588 CVE-2018-2599 CVE-2018-2602 CVE-2018-2603 CVE-2018-2618 CVE-2018-2633 CVE-2018-2634 CVE-2018-2637 CVE-2018-2638 CVE-2018-2639 CVE-2018-2641 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-8007 CVE-2019-10208 CVE-2019-11500 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-12973 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817 CVE-2019-2449 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-3835 CVE-2019-3839 CVE-2019-4473 CVE-2019-7317 CVE-2020-12653 CVE-2020-12654 SUSE-SU-2015:2359-1 SUSE-SU-2016:0707-1 SUSE-SU-2016:1966-1 SUSE-SU-2016:2434-1 SUSE-SU-2017:2436-1 SUSE-SU-2018:0031-1 SUSE-SU-2018:0604-1 SUSE-SU-2018:0665-1 SUSE-SU-2018:2578-1 SUSE-SU-2018:3289-1 SUSE-SU-2019:2159-1 SUSE-SU-2019:2371-1 SUSE-SU-2019:2454-1 SUSE-SU-2019:2478-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gnome-photos-3.26.3-lp150.2 is installed OR gnome-photos-lang-3.26.3-lp150.2 is installed OR gnome-shell-search-provider-gnome-photos-3.26.3-lp150.2 is installed OR gtk2-data-2.24.32-lp150.2 is installed OR gtk2-immodule-amharic-2.24.32-lp150.2 is installed OR gtk2-immodule-inuktitut-2.24.32-lp150.2 is installed OR gtk2-immodule-thai-2.24.32-lp150.2 is installed OR gtk2-immodule-vietnamese-2.24.32-lp150.2 is installed OR gtk2-immodule-xim-2.24.32-lp150.2 is installed OR gtk2-lang-2.24.32-lp150.2 is installed OR gtk2-tools-2.24.32-lp150.2 is installed OR libgtk-2_0-0-2.24.32-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libtiff5-4.0.9-44.24 is installed OR libtiff5-32bit-4.0.9-44.24 is installed OR tiff-4.0.9-44.24 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information bind-9.9.6P1-32 is installed OR bind-chrootenv-9.9.6P1-32 is installed OR bind-doc-9.9.6P1-32 is installed OR bind-libs-9.9.6P1-32 is installed OR bind-libs-32bit-9.9.6P1-32 is installed OR bind-utils-9.9.6P1-32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_40-default-4-2 is installed OR kgraft-patch-3_12_74-60_64_40-xen-4-2 is installed OR kgraft-patch-SLE12-SP1_Update_15-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND libXvMC1-1.0.8-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-52.8.0esr-109.31 is installed OR MozillaFirefox-devel-52.8.0esr-109.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_92-default-4-2 is installed OR kgraft-patch-SLE12-SP2_Update_24-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_59-92_24-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_9-11-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information elfutils-0.158-6 is installed OR libasm1-0.158-6 is installed OR libasm1-32bit-0.158-6 is installed OR libdw1-0.158-6 is installed OR libdw1-32bit-0.158-6 is installed OR libebl1-0.158-6 is installed OR libebl1-32bit-0.158-6 is installed OR libelf1-0.158-6 is installed OR libelf1-32bit-0.158-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information perl-5.18.2-12.23 is installed OR perl-32bit-5.18.2-12.23 is installed OR perl-base-5.18.2-12.23 is installed OR perl-doc-5.18.2-12.23 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information dbus-1-1.8.22-29.17 is installed OR dbus-1-x11-1.8.22-29.17 is installed OR libdbus-1-3-1.8.22-29.17 is installed OR libdbus-1-3-32bit-1.8.22-29.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information crash-7.2.1-2 is installed OR crash-kmp-default-7.2.1_k4.12.14_94.41-2 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information openstack-designate-1.0.3~a0~dev10-6 is installed OR openstack-designate-agent-1.0.3~a0~dev10-6 is installed OR openstack-designate-api-1.0.3~a0~dev10-6 is installed OR openstack-designate-central-1.0.3~a0~dev10-6 is installed OR openstack-designate-doc-1.0.3~a0~dev10-6 is installed OR openstack-designate-sink-1.0.3~a0~dev10-6 is installed OR openstack-ironic-4.2.5-6 is installed OR openstack-ironic-api-4.2.5-6 is installed OR openstack-ironic-conductor-4.2.5-6 is installed OR openstack-ironic-doc-4.2.5-6 is installed OR openstack-neutron-vpn-agent-7.0.5~a0~dev3-6 is installed OR openstack-neutron-vpnaas-7.0.5~a0~dev3-6 is installed OR openstack-neutron-vpnaas-doc-7.0.5~a0~dev3-6 is installed OR openstack-nova-docker-0.0.1~a0~dev238-4 is installed OR openstack-sahara-3.0.3~a0~dev1-6 is installed OR openstack-sahara-api-3.0.3~a0~dev1-6 is installed OR openstack-sahara-doc-3.0.3~a0~dev1-6 is installed OR openstack-sahara-engine-3.0.3~a0~dev1-6 is installed OR openstack-tempest-7.0.0-9 is installed OR openstack-tempest-test-7.0.0-9 is installed OR openstack-trove-4.0.1~a0~dev19-8 is installed OR openstack-trove-api-4.0.1~a0~dev19-8 is installed OR openstack-trove-conductor-4.0.1~a0~dev19-8 is installed OR openstack-trove-doc-4.0.1~a0~dev19-8 is installed OR openstack-trove-guestagent-4.0.1~a0~dev19-8 is installed OR openstack-trove-taskmanager-4.0.1~a0~dev19-8 is installed OR python-designate-1.0.3~a0~dev10-6 is installed OR python-ironic-4.2.5-6 is installed OR python-neutron-vpnaas-7.0.5~a0~dev3-6 is installed OR python-sahara-3.0.3~a0~dev1-6 is installed OR python-tempest-7.0.0-9 is installed OR python-trove-4.0.1~a0~dev19-8 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND couchdb-1.7.2-2.8 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information MozillaFirefox-68.1.0-109.89 is installed OR MozillaFirefox-branding-SLE-68-32.8 is installed OR MozillaFirefox-translations-common-68.1.0-109.89 is installed
BACK