Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:3911-2

Опубликовано: 06 дек. 2018
Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

Security issues fixed:

  • CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).
  • CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
  • CVE-2018-18557: Fixed JBIG decode can lead to out-of-bounds write (bsc#1113094).

Non-security issues fixed:

  • asan_build: build ASAN included
  • debug_build: build more suitable for debugging

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4
libtiff5-4.0.9-44.27.1
libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4
libtiff5-4.0.9-44.27.1
libtiff5-32bit-4.0.9-44.27.1
tiff-4.0.9-44.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libtiff5-4.0.9-44.27.1
libtiff5-32bit-4.0.9-44.27.1
tiff-4.0.9-44.27.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libtiff-devel-4.0.9-44.27.1

Ссылки

Описание

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1
Ссылки

Описание

LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1
Ссылки

Описание

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Desktop 12 SP4:libtiff5-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-32bit-4.0.9-44.27.1
SUSE Linux Enterprise Server 12 SP4:libtiff5-4.0.9-44.27.1
Ссылки
Уязвимость SUSE-SU-2018:3911-2