Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
- CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
- CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
- CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072).
- CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073).
- CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).
- CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631).
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).
Список пакетов
Container suse/nginx:latest
libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAPCAL-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAPCAL-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP2-SAP-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAPCAL-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP3-SAPCAL-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-Hardened-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAPCAL
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAPCAL-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAPCAL-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SAPCAL-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2-HVM
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure-3P
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAPCAL-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAPCAL-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP5-SAPCAL-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-BYOS
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-EC2
libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP6-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.8.1
SUSE Enterprise Storage 6
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Enterprise Storage 7
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Micro 5.2
libtiff5-4.0.9-150000.45.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Module for Package Hub 15 SP3
libtiff5-32bit-4.0.9-150000.45.8.1
tiff-4.0.9-150000.45.8.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
tiff-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server 15 SP1-BCL
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server 15 SP2-BCL
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server 15-LTSS
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server for SAP Applications 15
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Manager Proxy 4.1
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Manager Retail Branch Server 4.1
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
SUSE Manager Server 4.1
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
openSUSE Leap 15.3
libtiff-devel-4.0.9-150000.45.8.1
libtiff-devel-32bit-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
tiff-4.0.9-150000.45.8.1
openSUSE Leap 15.4
libtiff-devel-4.0.9-150000.45.8.1
libtiff-devel-32bit-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
tiff-4.0.9-150000.45.8.1
Ссылки
- Link for SUSE-SU-2022:1882-1
- E-Mail link for SUSE-SU-2022:1882-1
- SUSE Security Ratings
- SUSE Bug 1195964
- SUSE Bug 1195965
- SUSE Bug 1197066
- SUSE Bug 1197068
- SUSE Bug 1197072
- SUSE Bug 1197073
- SUSE Bug 1197074
- SUSE Bug 1197631
- SUSE CVE CVE-2022-0561 page
- SUSE CVE CVE-2022-0562 page
- SUSE CVE CVE-2022-0865 page
- SUSE CVE CVE-2022-0891 page
- SUSE CVE CVE-2022-0908 page
- SUSE CVE CVE-2022-0909 page
- SUSE CVE CVE-2022-0924 page
- SUSE CVE CVE-2022-1056 page
Описание
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0561
- SUSE Bug 1195964
Описание
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0562
- SUSE Bug 1195965
- SUSE Bug 1201723
Описание
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0865
- SUSE Bug 1197066
Описание
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0891
- SUSE Bug 1197068
Описание
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0908
- SUSE Bug 1197074
Описание
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0909
- SUSE Bug 1197072
Описание
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-0924
- SUSE Bug 1197073
Описание
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.8.1
Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.8.1
Ссылки
- CVE-2022-1056
- SUSE Bug 1197631