Description
Security update for tiff
This update for tiff fixes the following issues:
- A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (CVE-2017-5225, bsc#1019611).
A regression in the handling of TIFFTAG_FAXRECVPARAMS, introduced by the version update to 4.0.7, was also fixed (bsc#1022103).
Package list
SUSE Linux Enterprise Desktop 12 SP1
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
SUSE Linux Enterprise Desktop 12 SP2
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
SUSE Linux Enterprise Server 12 SP1
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
tiff-4.0.7-40.1
SUSE Linux Enterprise Server 12 SP2
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
tiff-4.0.7-40.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libtiff5-4.0.7-40.1
tiff-4.0.7-40.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
tiff-4.0.7-40.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libtiff5-4.0.7-40.1
libtiff5-32bit-4.0.7-40.1
tiff-4.0.7-40.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libtiff-devel-4.0.7-40.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libtiff-devel-4.0.7-40.1
References
- Link for SUSE-SU-2017:0453-1
- E-Mail link for SUSE-SU-2017:0453-1
- SUSE Security Ratings
- SUSE Bug 1019611
- SUSE Bug 1022103
- SUSE CVE CVE-2017-5225 page
Description
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in tools/tiffcp, resulting in DoS or code execution via a crafted BitsPerSample value.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-40.1
SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-40.1
SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-40.1
SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-40.1
References
- CVE-2017-5225
- SUSE Bug 1019611