Security update for tiff

SUSE Security Update: Security update for tiff
Announcement ID: SUSE-SU-2018:1835-1
Rating: moderate
References: #1007276 #1011839 #1011846 #1017689 #1017690 #1019611 #1031263 #1082332 #1082825 #1086408 #974621
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 11-SP4
  • SUSE Linux Enterprise Server 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP4

  • An update that fixes 13 vulnerabilities is now available.

    Description:

    This update for tiff fixes the following security issues:

    - CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that
    could have caused DoS or code execution via a crafted BitsPerSample
    value (bsc#1019611)
    - CVE-2018-7456: Prevent a NULL Pointer dereference in the function
    TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF
    information, a different vulnerability than CVE-2017-18013 (bsc#1082825)
    - CVE-2017-11613: Prevent denial of service in the TIFFOpen function.
    During the TIFFOpen process, td_imagelength is not checked. The value of
    td_imagelength can be directly controlled by an input file. In the
    ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is
    called based on td_imagelength. If the value of td_imagelength is set
    close to the amount of system memory, it will hang the system or trigger
    the OOM killer (bsc#1082332)
    - CVE-2016-10266: Prevent remote attackers to cause a denial of service
    (divide-by-zero error and application crash) via a crafted TIFF image,
    related to libtiff/tif_read.c:351:22 (bsc#1031263)
    - CVE-2018-8905: Prevent heap-based buffer overflow in the function
    LZWDecodeCompat via a crafted TIFF file (bsc#1086408)
    - CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile
    width versus image width (bsc#1011839).
    - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could
    have lead to assertion failures in debug mode, or buffer overflows in
    release mode, when dealing with unusual tile size like YCbCr with
    subsampling (bsc#1011846).
    - CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could
    have lead to assertion failures in debug mode, or buffer overflows in
    release mode, when dealing with unusual tile size like YCbCr with
    subsampling (bsc#1011846).
    - Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689).
    - CVE-2016-10095: Prevent stack-based buffer overflow in the
    _TIFFVGetField function that allowed remote attackers to cause a denial
    of service (crash) via a crafted TIFF file (bsc#1017690).
    - CVE-2016-8331: Prevent remote code execution because of incorrect
    handling of TIFF images. A crafted TIFF document could have lead to a
    type confusion vulnerability resulting in remote code execution. This
    vulnerability could have been be triggered via a TIFF file delivered to
    the application using LibTIFF's tag extension functionality
    (bsc#1007276).
    - CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to
    cause a denial of service (out-of-bounds write) or execute arbitrary
    code via a crafted TIFF image (bsc#974621).

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 11-SP4:
      zypper in -t patch sdksp4-tiff-13683=1
    • SUSE Linux Enterprise Server 11-SP4:
      zypper in -t patch slessp4-tiff-13683=1
    • SUSE Linux Enterprise Debuginfo 11-SP4:
      zypper in -t patch dbgsp4-tiff-13683=1

    Package List:

    • SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • libtiff-devel-3.8.2-141.169.9.1
    • SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64 s390x x86_64):
      • libtiff-devel-32bit-3.8.2-141.169.9.1
    • SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • libtiff3-3.8.2-141.169.9.1
      • tiff-3.8.2-141.169.9.1
    • SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
      • libtiff3-32bit-3.8.2-141.169.9.1
    • SUSE Linux Enterprise Server 11-SP4 (ia64):
      • libtiff3-x86-3.8.2-141.169.9.1
    • SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
      • tiff-debuginfo-3.8.2-141.169.9.1
      • tiff-debugsource-3.8.2-141.169.9.1

    References: