openSUSE-SU-2018:3948-1

Published: 29 Nov 2018
Source: suse-cvrf

Description

Security update for tiff

This update for tiff fixes the following issues:

Security issues fixed:

  • CVE-2018-12900: Fixed a heap-based buffer overflow in the cpSeparateBufToContigBuf function (bsc#1099257).
  • CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).
  • CVE-2018-18557: Fixed an issue where JBIG decoding could lead to an out-of-bounds write (bsc#1113094).

Non-security issues fixed:

  • asan_build: build ASAN included
  • debug_build: build more suitable for debugging

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
libtiff-devel-4.0.9-lp150.4.9.1
libtiff-devel-32bit-4.0.9-lp150.4.9.1
libtiff5-4.0.9-lp150.4.9.1
libtiff5-32bit-4.0.9-lp150.4.9.1
tiff-4.0.9-lp150.4.9.1

Description

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.


Affected products
openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1

References

Description

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.


Affected products
openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1

References

Description

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.


Affected products
openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.9.1
openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.9.1

References
Vulnerability openSUSE-SU-2018:3948-1