SUSE-SU-2022:4411-1

Опубликовано: 13 дек. 2022

Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]

Список пакетов

Container suse/nginx:latest

libtiff5-4.0.9-150000.45.22.1

Container suse/rmt-nginx:latest

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-EC2-HVM

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP2-SAP-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAP-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAP-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAPCAL-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP3-SAPCAL-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-Hardened-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-Hardened-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-Hardened-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-Hardened-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAP-Hardened-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAPCAL

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAPCAL-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAPCAL-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SAPCAL-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-Hardened-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-Hardened-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-Hardened-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure-3P

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAP-Hardened-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAPCAL-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAPCAL-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP5-SAPCAL-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-BYOS

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-EC2

libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP6-SAP-Hardened-GCE

libtiff5-4.0.9-150000.45.22.1

SUSE Enterprise Storage 6

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Enterprise Storage 7

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Micro 5.2

libtiff5-4.0.9-150000.45.22.1

SUSE Linux Enterprise Micro 5.3

libtiff5-4.0.9-150000.45.22.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Module for Package Hub 15 SP3

libtiff5-32bit-4.0.9-150000.45.22.1

tiff-4.0.9-150000.45.22.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

tiff-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server 15 SP1-BCL

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server 15 SP2-BCL

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server 15-LTSS

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server for SAP Applications 15

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Manager Proxy 4.1

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Manager Retail Branch Server 4.1

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

SUSE Manager Server 4.1

libtiff-devel-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

openSUSE Leap 15.3

libtiff-devel-4.0.9-150000.45.22.1

libtiff-devel-32bit-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

tiff-4.0.9-150000.45.22.1

openSUSE Leap 15.4

libtiff-devel-4.0.9-150000.45.22.1

libtiff-devel-32bit-4.0.9-150000.45.22.1

libtiff5-4.0.9-150000.45.22.1

libtiff5-32bit-4.0.9-150000.45.22.1

tiff-4.0.9-150000.45.22.1

openSUSE Leap Micro 5.2

libtiff5-4.0.9-150000.45.22.1

openSUSE Leap Micro 5.3

libtiff5-4.0.9-150000.45.22.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224411-1/
Link for SUSE-SU-2022:4411-1
https://lists.suse.com/pipermail/sle-security-updates/2022-December/013217.html
E-Mail link for SUSE-SU-2022:4411-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1204642
SUSE Bug 1204642
https://bugzilla.suse.com/1205422
SUSE Bug 1205422
https://www.suse.com/security/cve/CVE-2022-3570/
SUSE CVE CVE-2022-3570 page
https://www.suse.com/security/cve/CVE-2022-3598/
SUSE CVE CVE-2022-3598 page

Описание

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact

Затронутые продукты

Container suse/nginx:latest:libtiff5-4.0.9-150000.45.22.1

Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3570.html
CVE-2022-3570
https://bugzilla.suse.com/1205422
SUSE Bug 1205422

Описание

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.

Затронутые продукты

Container suse/nginx:latest:libtiff5-4.0.9-150000.45.22.1

Container suse/rmt-nginx:latest:libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.22.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-3598.html
CVE-2022-3598
https://bugzilla.suse.com/1204642
SUSE Bug 1204642
https://bugzilla.suse.com/1206220
SUSE Bug 1206220