Oval Definition: oval:org.opensuse.security:def:78731
Revision Date: 2016-12-29
Version: 1
Title: Security update for tiff (Moderate)
Description:
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues.
- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compression format [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815]
Family: unix
Class: patch
Status:
Reference(s):
1007280
1010161
1010163
1011103
1011107
914890
974449
974840
984813
984815
987351
CVE-2014-8127
CVE-2016-3622
CVE-2016-3658
CVE-2016-5321
CVE-2016-5323
CVE-2016-5652
CVE-2016-5875
CVE-2016-9273
CVE-2016-9297
CVE-2016-9448
CVE-2016-9453
SUSE-SU-2016:3301-1
Platform(s): SUSE Linux Enterprise Desktop 12 SP2
Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND
Package Information
libtiff5-4.0.7-35.1 is installed
OR
libtiff5-32bit-4.0.7-35.1 is installed