Описание
Security update for tiff
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608).
- CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
- CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
- CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
- CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
Image SLES12-SP4-SAP-Azure
Image SLES12-SP4-SAP-Azure-BYOS
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES12-SP4-SAP-EC2-HVM
Image SLES12-SP4-SAP-EC2-HVM-BYOS
Image SLES12-SP4-SAP-GCE
Image SLES12-SP4-SAP-GCE-BYOS
Image SLES12-SP4-SAP-OCI-BYOS
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2019:3058-1
- E-Mail link for SUSE-SU-2019:3058-1
- SUSE Security Ratings
- SUSE Bug 1108606
- SUSE Bug 1121626
- SUSE Bug 1125113
- SUSE Bug 1146608
- SUSE Bug 983268
- SUSE CVE CVE-2016-5102 page
- SUSE CVE CVE-2018-17000 page
- SUSE CVE CVE-2019-14973 page
- SUSE CVE CVE-2019-6128 page
- SUSE CVE CVE-2019-7663 page
Описание
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
Затронутые продукты
Ссылки
- CVE-2016-5102
- SUSE Bug 983268
Описание
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
Затронутые продукты
Ссылки
- CVE-2018-17000
- SUSE Bug 1108606
- SUSE Bug 1115717
- SUSE Bug 1125113
Описание
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
Затронутые продукты
Ссылки
- CVE-2019-14973
- SUSE Bug 1146608
Описание
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
Затронутые продукты
Ссылки
- CVE-2019-6128
- SUSE Bug 1121626
- SUSE Bug 1153715
Описание
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.
Затронутые продукты
Ссылки
- CVE-2019-7663
- SUSE Bug 1125113