Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:0353-1

Опубликовано: 05 фев. 2016
Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

  • CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: Out-of-bounds writes for invalid images (bsc#964225)
  • CVE-2015-7554: Out-of-bounds Write in the thumbnail and tiffcmp tools (bsc#960341)

Список пакетов

SUSE Linux Enterprise Desktop 11 SP4
libtiff3-3.8.2-141.163.1
libtiff3-32bit-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4
libtiff3-3.8.2-141.163.1
libtiff3-32bit-3.8.2-141.163.1
libtiff3-x86-3.8.2-141.163.1
tiff-3.8.2-141.163.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libtiff3-3.8.2-141.163.1
libtiff3-32bit-3.8.2-141.163.1
libtiff3-x86-3.8.2-141.163.1
tiff-3.8.2-141.163.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libtiff-devel-3.8.2-141.163.1
libtiff-devel-32bit-3.8.2-141.163.1

Ссылки

Описание

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-32bit-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.163.1
Ссылки

Описание

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-32bit-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.163.1
Ссылки

Описание

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-32bit-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.163.1
Ссылки

Описание

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Desktop 11 SP4:libtiff3-32bit-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.163.1
SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.163.1
Ссылки