SUSE-SU-2022:4411-1

Details

Description of the patch:

This update for tiff fixes the following issues:

CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]

Affected Packages

libtiff-devel

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise Desktop 15 SP4

Fixed in:

4.0.9-150000.45.22.1

libtiff5

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise Desktop 15 SP3SUSE Linux Enterprise Desktop 15 SP4

Fixed in:

4.0.9-150000.45.22.1

libtiff5-32bit

SUSE Enterprise Storage 6SUSE Enterprise Storage 7SUSE Linux Enterprise Desktop 15 SP4SUSE Linux Enterprise High Performance Computing 15SUSE Linux Enterprise High Performance Computing 15 SP1

Fixed in:

4.0.9-150000.45.22.1

tiff

SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Package Hub 15 SP4openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

4.0.9-150000.45.22.1

libtiff-devel-32bit

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

4.0.9-150000.45.22.1

References

ADVISORY