CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (bsc#1204642).
Affected Packages
libtiff-devel
SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
Fixed in:
4.0.9-150000.45.22.1
libtiff5
SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
Fixed in:
4.0.9-150000.45.22.1
libtiff5-32bit
SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
Fixed in:
4.0.9-150000.45.22.1
tiff
SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS