Security update for tiff SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1956-1 Final 1 1 2018-07-13T18:06:52Z current 2018-07-13T18:06:52Z 2018-07-13T18:06:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following security issues: These security issues were fixed: - CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317). - CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949). - CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825). - CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332). - CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html E-Mail link for openSUSE-SU-2018:1956-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 libtiff-devel-4.0.9-lp150.4.3.1 libtiff-devel-32bit-4.0.9-lp150.4.3.1 libtiff5-4.0.9-lp150.4.3.1 libtiff5-32bit-4.0.9-lp150.4.3.1 tiff-4.0.9-lp150.4.3.1 libtiff-devel-4.0.9-lp150.4.3.1 as a component of openSUSE Leap 15.0 libtiff-devel-32bit-4.0.9-lp150.4.3.1 as a component of openSUSE Leap 15.0 libtiff5-4.0.9-lp150.4.3.1 as a component of openSUSE Leap 15.0 libtiff5-32bit-4.0.9-lp150.4.3.1 as a component of openSUSE Leap 15.0 tiff-4.0.9-lp150.4.3.1 as a component of openSUSE Leap 15.0 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. CVE-2017-11613 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.3.1 low Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html https://www.suse.com/security/cve/CVE-2017-11613.html CVE-2017-11613 https://bugzilla.suse.com/1082332 SUSE Bug 1082332 https://bugzilla.suse.com/1106853 SUSE Bug 1106853 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. CVE-2017-18013 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.3.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html https://www.suse.com/security/cve/CVE-2017-18013.html CVE-2017-18013 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/1082825 SUSE Bug 1082825 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. CVE-2018-10963 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html https://www.suse.com/security/cve/CVE-2018-10963.html CVE-2018-10963 https://bugzilla.suse.com/1092949 SUSE Bug 1092949 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) CVE-2018-7456 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html https://www.suse.com/security/cve/CVE-2018-7456.html CVE-2018-7456 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/1082825 SUSE Bug 1082825 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. CVE-2018-8905 openSUSE Leap 15.0:libtiff-devel-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff-devel-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-32bit-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:libtiff5-4.0.9-lp150.4.3.1 openSUSE Leap 15.0:tiff-4.0.9-lp150.4.3.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00017.html https://www.suse.com/security/cve/CVE-2018-8905.html CVE-2018-8905 https://bugzilla.suse.com/1086408 SUSE Bug 1086408