Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0160-1 Final 1 1 2016-01-18T17:38:18Z current 2016-01-18T17:38:18Z 2016-01-18T17:38:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update to tiff 4.0.6 fixes the following issues: - CVE-2015-7554: Out-of-bounds write in the thumbnail and tiffcmp tools allowed attacker to cause a denial of service or have unspecified further impact (bsc#960341) - bsc#942690: potential out-of-bound write in NeXTDecode() (#2508) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2016-104,SUSE-SLE-DESKTOP-12-SP1-2016-104,SUSE-SLE-SDK-12-2016-104,SUSE-SLE-SDK-12-SP1-2016-104,SUSE-SLE-SERVER-12-2016-104,SUSE-SLE-SERVER-12-SP1-2016-104 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160160-1/ Link for SUSE-SU-2016:0160-1 https://lists.suse.com/pipermail/sle-security-updates/2016-January/001808.html E-Mail link for SUSE-SU-2016:0160-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/942690 SUSE Bug 942690 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://www.suse.com/security/cve/CVE-2015-7554/ SUSE CVE CVE-2015-7554 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 libtiff5-4.0.6-19.1 libtiff5-32bit-4.0.6-19.1 libtiff-devel-4.0.6-19.1 tiff-4.0.6-19.1 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Desktop 12 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Desktop 12 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 tiff-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 SP1 tiff-4.0.6-19.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 tiff-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 libtiff5-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff5-32bit-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 tiff-4.0.6-19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff-devel-4.0.6-19.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libtiff-devel-4.0.6-19.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. CVE-2015-7554 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Desktop 12:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Desktop 12:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.6-19.1 SUSE Linux Enterprise Server 12:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Server 12:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Server 12:tiff-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-32bit-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12:libtiff5-4.0.6-19.1 SUSE Linux Enterprise Server for SAP Applications 12:tiff-4.0.6-19.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.6-19.1 SUSE Linux Enterprise Software Development Kit 12:libtiff-devel-4.0.6-19.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160160-1/ https://www.suse.com/security/cve/CVE-2015-7554.html CVE-2015-7554 https://bugzilla.suse.com/1007276 SUSE Bug 1007276 https://bugzilla.suse.com/1017690 SUSE Bug 1017690 https://bugzilla.suse.com/1040322 SUSE Bug 1040322 https://bugzilla.suse.com/960341 SUSE Bug 960341 https://bugzilla.suse.com/974621 SUSE Bug 974621 https://bugzilla.suse.com/983436 SUSE Bug 983436