Description
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2022-3570: Fixed a potential crash in the tiffcrop utility (bsc#1205422).
- CVE-2022-3598: Fixed a potential crash in the tiffcrop utility (bsc#1204642).
Package list
Image SLES12-SP5-Azure-SAP-BYOS
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-Azure-SAP-On-Demand
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-BYOS
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-On-Demand
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-GCE-SAP-BYOS
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-GCE-SAP-On-Demand
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-44.62.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-44.62.1
SUSE Linux Enterprise Server 12 SP5
libtiff5-4.0.9-44.62.1
libtiff5-32bit-4.0.9-44.62.1
tiff-4.0.9-44.62.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libtiff5-4.0.9-44.62.1
libtiff5-32bit-4.0.9-44.62.1
tiff-4.0.9-44.62.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libtiff-devel-4.0.9-44.62.1
References
- Link for SUSE-SU-2023:0060-1
- E-Mail link for SUSE-SU-2023:0060-1
- SUSE Security Ratings
- SUSE Bug 1204642
- SUSE Bug 1205422
- SUSE CVE CVE-2022-3570 page
- SUSE CVE CVE-2022-3598 page
Description
Multiple heap buffer overflows in the tiffcrop.c utility in libtiff library Version 4.4.0 allow an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact.
Affected products
Image SLES12-SP5-Azure-SAP-BYOS:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-Azure-SAP-On-Demand:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-BYOS:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-On-Demand:libtiff5-4.0.9-44.62.1
References
- CVE-2022-3570
- SUSE Bug 1205422
Description
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
Affected products
Image SLES12-SP5-Azure-SAP-BYOS:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-Azure-SAP-On-Demand:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-BYOS:libtiff5-4.0.9-44.62.1
Image SLES12-SP5-EC2-SAP-On-Demand:libtiff5-4.0.9-44.62.1
References
- CVE-2022-3598
- SUSE Bug 1204642
- SUSE Bug 1206220