Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1472-1 Final 1 1 2018-05-30T07:08:57Z current 2018-05-30T07:08:57Z 2018-05-30T07:08:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809) - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694) - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 512' and libtiff/tif_unix.c:340:2. (bsc#1031254) - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 8' and libtiff/tif_read.c:523:22. (bsc#1031250) - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317) - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129) - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127) - CVE-2017-7596: LibTIFF had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126) - CVE-2017-7597: tif_dirread.c had an 'outside the range of representable values of type float' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120) - CVE-2017-7599: LibTIFF had an 'outside the range of representable values of type short' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113) - CVE-2017-7600: LibTIFF had an 'outside the range of representable values of type unsigned char' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112) - CVE-2017-7601: LibTIFF had a 'shift exponent too large for 64-bit type long' undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111) - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109) - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-tiff-13631,slessp4-tiff-13631 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ Link for SUSE-SU-2018:1472-1 https://lists.suse.com/pipermail/sle-security-updates/2018-May/004101.html E-Mail link for SUSE-SU-2018:1472-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1017694 SUSE Bug 1017694 https://bugzilla.suse.com/1031250 SUSE Bug 1031250 https://bugzilla.suse.com/1031254 SUSE Bug 1031254 https://bugzilla.suse.com/1033109 SUSE Bug 1033109 https://bugzilla.suse.com/1033111 SUSE Bug 1033111 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 https://bugzilla.suse.com/1033127 SUSE Bug 1033127 https://bugzilla.suse.com/1033129 SUSE Bug 1033129 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/984808 SUSE Bug 984808 https://bugzilla.suse.com/984809 SUSE Bug 984809 https://bugzilla.suse.com/984831 SUSE Bug 984831 https://bugzilla.suse.com/987351 SUSE Bug 987351 https://www.suse.com/security/cve/CVE-2016-10267/ SUSE CVE CVE-2016-10267 page https://www.suse.com/security/cve/CVE-2016-10269/ SUSE CVE CVE-2016-10269 page https://www.suse.com/security/cve/CVE-2016-10270/ SUSE CVE CVE-2016-10270 page https://www.suse.com/security/cve/CVE-2016-5314/ SUSE CVE CVE-2016-5314 page https://www.suse.com/security/cve/CVE-2016-5315/ SUSE CVE CVE-2016-5315 page https://www.suse.com/security/cve/CVE-2017-18013/ SUSE CVE CVE-2017-18013 page https://www.suse.com/security/cve/CVE-2017-7593/ SUSE CVE CVE-2017-7593 page https://www.suse.com/security/cve/CVE-2017-7595/ SUSE CVE CVE-2017-7595 page https://www.suse.com/security/cve/CVE-2017-7596/ SUSE CVE CVE-2017-7596 page https://www.suse.com/security/cve/CVE-2017-7597/ SUSE CVE CVE-2017-7597 page https://www.suse.com/security/cve/CVE-2017-7599/ SUSE CVE CVE-2017-7599 page https://www.suse.com/security/cve/CVE-2017-7600/ SUSE CVE CVE-2017-7600 page https://www.suse.com/security/cve/CVE-2017-7601/ SUSE CVE CVE-2017-7601 page https://www.suse.com/security/cve/CVE-2017-7602/ SUSE CVE CVE-2017-7602 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 libtiff-devel-3.8.2-141.169.6.1 libtiff-devel-32bit-3.8.2-141.169.6.1 libtiff3-3.8.2-141.169.6.1 libtiff3-32bit-3.8.2-141.169.6.1 libtiff3-x86-3.8.2-141.169.6.1 tiff-3.8.2-141.169.6.1 libtiff3-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff3-32bit-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff3-x86-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 tiff-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server 11 SP4 libtiff3-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libtiff3-32bit-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libtiff3-x86-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 tiff-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libtiff-devel-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libtiff-devel-32bit-3.8.2-141.169.6.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. CVE-2016-10267 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2016-10267.html CVE-2016-10267 https://bugzilla.suse.com/1017694 SUSE Bug 1017694 https://bugzilla.suse.com/1031262 SUSE Bug 1031262 LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. CVE-2016-10269 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2016-10269.html CVE-2016-10269 https://bugzilla.suse.com/1017693 SUSE Bug 1017693 https://bugzilla.suse.com/1031254 SUSE Bug 1031254 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. CVE-2016-10270 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2016-10270.html CVE-2016-10270 https://bugzilla.suse.com/1031250 SUSE Bug 1031250 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. CVE-2016-5314 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2016-5314.html CVE-2016-5314 https://bugzilla.suse.com/984831 SUSE Bug 984831 https://bugzilla.suse.com/987351 SUSE Bug 987351 The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. CVE-2016-5315 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2016-5315.html CVE-2016-5315 https://bugzilla.suse.com/984809 SUSE Bug 984809 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. CVE-2017-18013 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-18013.html CVE-2017-18013 https://bugzilla.suse.com/1074317 SUSE Bug 1074317 https://bugzilla.suse.com/1082825 SUSE Bug 1082825 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. CVE-2017-7593 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7593.html CVE-2017-7593 https://bugzilla.suse.com/1033129 SUSE Bug 1033129 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. CVE-2017-7595 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7595.html CVE-2017-7595 https://bugzilla.suse.com/1033111 SUSE Bug 1033111 https://bugzilla.suse.com/1033127 SUSE Bug 1033127 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7596 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7596.html CVE-2017-7596 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7597 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7597.html CVE-2017-7597 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7599 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7599.html CVE-2017-7599 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7600 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7600.html CVE-2017-7600 https://bugzilla.suse.com/1033112 SUSE Bug 1033112 https://bugzilla.suse.com/1033113 SUSE Bug 1033113 https://bugzilla.suse.com/1033120 SUSE Bug 1033120 https://bugzilla.suse.com/1033126 SUSE Bug 1033126 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7601 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 low 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7601.html CVE-2017-7601 https://bugzilla.suse.com/1033111 SUSE Bug 1033111 https://bugzilla.suse.com/1033127 SUSE Bug 1033127 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. CVE-2017-7602 SUSE Linux Enterprise Server 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-32bit-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libtiff3-x86-3.8.2-141.169.6.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:tiff-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-3.8.2-141.169.6.1 SUSE Linux Enterprise Software Development Kit 11 SP4:libtiff-devel-32bit-3.8.2-141.169.6.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181472-1/ https://www.suse.com/security/cve/CVE-2017-7602.html CVE-2017-7602 https://bugzilla.suse.com/1033109 SUSE Bug 1033109