You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa tiff

Sigurnosni nedostaci programskog paketa tiff

openSUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:4256-1
Rating: moderate
References: #1017693 #1054594 #1115717 #990460
Cross-References: CVE-2016-10092 CVE-2016-10093 CVE-2016-10094
CVE-2016-6223 CVE-2017-12944 CVE-2018-19210

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for tiff fixes the following issues:

Security issues fixed:

– CVE-2018-19210: Fixed NULL pointer dereference in the
TIFFWriteDirectorySec function (bsc#1115717).
– CVE-2017-12944: Fixed denial of service issue in the
TIFFReadDirEntryArray function (bsc#1054594).
– CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc
function (bsc#1017693).
– CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy
function (bsc#1017693).
– CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits
function (bsc#1017693).
– CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in
TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460).

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1598=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

libtiff-devel-4.0.9-43.1
libtiff5-4.0.9-43.1
libtiff5-debuginfo-4.0.9-43.1
tiff-4.0.9-43.1
tiff-debuginfo-4.0.9-43.1
tiff-debugsource-4.0.9-43.1

– openSUSE Leap 42.3 (x86_64):

libtiff-devel-32bit-4.0.9-43.1
libtiff5-32bit-4.0.9-43.1
libtiff5-debuginfo-32bit-4.0.9-43.1

References:

https://www.suse.com/security/cve/CVE-2016-10092.html
https://www.suse.com/security/cve/CVE-2016-10093.html
https://www.suse.com/security/cve/CVE-2016-10094.html
https://www.suse.com/security/cve/CVE-2016-6223.html
https://www.suse.com/security/cve/CVE-2017-12944.html
https://www.suse.com/security/cve/CVE-2018-19210.html
https://bugzilla.suse.com/1017693
https://bugzilla.suse.com/1054594
https://bugzilla.suse.com/1115717
https://bugzilla.suse.com/990460


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libnettle

Otkriven je sigurnosni nedostatak programske biblioteke libnettle za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija. Savjetuje...

Close