SUSE-SU-2019:3058-1

Details

This update for tiff fixes the following issues:

Security issues fixed:

CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608).
CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)
CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

Affected Packages

libtiff5

SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

4.0.9-44.42.1

libtiff5-32bit

SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

4.0.9-44.42.1

tiff

SUSE Linux Enterprise Desktop 12 SP4SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

4.0.9-44.42.1

libtiff-devel

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

4.0.9-44.42.1

References

REPORT

https://bugzilla.suse.com/1108606

REPORT

https://bugzilla.suse.com/1121626

REPORT