Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
Список пакетов
Container suse/nginx:latest
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAPCAL-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP3-SAPCAL-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-Hardened-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAPCAL
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAPCAL-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAPCAL-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SAPCAL-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP4-SUSE-Rancher-Setup-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Azure-3P
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAPCAL-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAPCAL-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP5-SAPCAL-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-BYOS
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-EC2
libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP6-SAP-Hardened-GCE
libtiff5-4.0.9-150000.45.35.1
SUSE Enterprise Storage 7.1
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Micro 5.2
libtiff5-4.0.9-150000.45.35.1
SUSE Linux Enterprise Micro 5.3
libtiff5-4.0.9-150000.45.35.1
SUSE Linux Enterprise Micro 5.4
libtiff5-4.0.9-150000.45.35.1
SUSE Linux Enterprise Micro 5.5
libtiff5-4.0.9-150000.45.35.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
tiff-4.0.9-150000.45.35.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
tiff-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libtiff-devel-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
openSUSE Leap 15.4
libtiff-devel-4.0.9-150000.45.35.1
libtiff-devel-32bit-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
tiff-4.0.9-150000.45.35.1
openSUSE Leap 15.5
libtiff-devel-4.0.9-150000.45.35.1
libtiff-devel-32bit-4.0.9-150000.45.35.1
libtiff5-4.0.9-150000.45.35.1
libtiff5-32bit-4.0.9-150000.45.35.1
tiff-4.0.9-150000.45.35.1
openSUSE Leap Micro 5.3
libtiff5-4.0.9-150000.45.35.1
openSUSE Leap Micro 5.4
libtiff5-4.0.9-150000.45.35.1
Ссылки
- Link for SUSE-SU-2023:4869-1
- E-Mail link for SUSE-SU-2023:4869-1
- SUSE Security Ratings
- SUSE Bug 1199483
- SUSE Bug 1210231
- SUSE Bug 1211478
- SUSE Bug 1212398
- SUSE Bug 1214680
- SUSE CVE CVE-2022-1622 page
- SUSE CVE CVE-2022-40090 page
- SUSE CVE CVE-2023-1916 page
- SUSE CVE CVE-2023-26965 page
- SUSE CVE CVE-2023-2731 page
Описание
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure:libtiff5-4.0.9-150000.45.35.1
Ссылки
- CVE-2022-1622
- SUSE Bug 1199483
Описание
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure:libtiff5-4.0.9-150000.45.35.1
Ссылки
- CVE-2022-40090
- SUSE Bug 1214680
Описание
A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure:libtiff5-4.0.9-150000.45.35.1
Ссылки
- CVE-2023-1916
- SUSE Bug 1210231
Описание
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure:libtiff5-4.0.9-150000.45.35.1
Ссылки
- CVE-2023-26965
- SUSE Bug 1212398
- SUSE Bug 1219472
Описание
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
Затронутые продукты
Container suse/nginx:latest:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libtiff5-4.0.9-150000.45.35.1
Image SLES15-SP2-SAP-Azure:libtiff5-4.0.9-150000.45.35.1
Ссылки
- CVE-2023-2731
- SUSE Bug 1211478