SUSE-SU-2023:0199-1

Опубликовано: 27 янв. 2023

Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413).

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-Azure-SAP-On-Demand

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-EC2-SAP-BYOS

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-EC2-SAP-On-Demand

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-GCE-SAP-BYOS

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-GCE-SAP-On-Demand

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libtiff5-4.0.9-44.65.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libtiff5-4.0.9-44.65.1

SUSE Linux Enterprise Server 12 SP2-BCL

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE Linux Enterprise Server 12 SP4-LTSS

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE Linux Enterprise Server 12 SP5

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libtiff-devel-4.0.9-44.65.1

SUSE OpenStack Cloud 9

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

SUSE OpenStack Cloud Crowbar 9

libtiff5-4.0.9-44.65.1

libtiff5-32bit-4.0.9-44.65.1

tiff-4.0.9-44.65.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230199-1/
Link for SUSE-SU-2023:0199-1
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013560.html
E-Mail link for SUSE-SU-2023:0199-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1207413
SUSE Bug 1207413
https://www.suse.com/security/cve/CVE-2022-48281/
SUSE CVE CVE-2022-48281 page

Описание

processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Затронутые продукты

Image SLES12-SP5-Azure-SAP-BYOS:libtiff5-4.0.9-44.65.1

Image SLES12-SP5-Azure-SAP-On-Demand:libtiff5-4.0.9-44.65.1

Image SLES12-SP5-EC2-SAP-BYOS:libtiff5-4.0.9-44.65.1

Image SLES12-SP5-EC2-SAP-On-Demand:libtiff5-4.0.9-44.65.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48281.html
CVE-2022-48281
https://bugzilla.suse.com/1207413
SUSE Bug 1207413
https://bugzilla.suse.com/1208655
SUSE Bug 1208655
https://bugzilla.suse.com/1209328
SUSE Bug 1209328
https://bugzilla.suse.com/1209937
SUSE Bug 1209937

SUSE-SU-2023:0199-1

Описание

Список пакетов

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP4-LTSS

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

Ссылки

Уязвимость: CVE-2022-48281

Описание

Затронутые продукты

Ссылки