Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3289-1 Final 1 1 2018-10-22T13:30:31Z current 2018-10-22T13:30:31Z 2018-10-22T13:30:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-2375,SUSE-SLE-SDK-12-SP3-2018-2375,SUSE-SLE-SERVER-12-SP3-2018-2375 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ Link for SUSE-SU-2018:3289-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004759.html E-Mail link for SUSE-SU-2018:3289-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1106853 SUSE Bug 1106853 https://bugzilla.suse.com/1108627 SUSE Bug 1108627 https://bugzilla.suse.com/1108637 SUSE Bug 1108637 https://bugzilla.suse.com/1110358 SUSE Bug 1110358 https://www.suse.com/security/cve/CVE-2017-11613/ SUSE CVE CVE-2017-11613 page https://www.suse.com/security/cve/CVE-2017-9935/ SUSE CVE CVE-2017-9935 page https://www.suse.com/security/cve/CVE-2018-16335/ SUSE CVE CVE-2018-16335 page https://www.suse.com/security/cve/CVE-2018-17100/ SUSE CVE CVE-2018-17100 page https://www.suse.com/security/cve/CVE-2018-17101/ SUSE CVE CVE-2018-17101 page https://www.suse.com/security/cve/CVE-2018-17795/ SUSE CVE CVE-2018-17795 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 libtiff5-4.0.9-44.24.1 libtiff5-32bit-4.0.9-44.24.1 libtiff-devel-4.0.9-44.24.1 tiff-4.0.9-44.24.1 libtiff5-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libtiff5-32bit-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libtiff5-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libtiff5-32bit-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 tiff-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server 12 SP3 libtiff5-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libtiff5-32bit-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 tiff-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libtiff-devel-4.0.9-44.24.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. CVE-2017-11613 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2017-11613.html CVE-2017-11613 https://bugzilla.suse.com/1082332 SUSE Bug 1082332 https://bugzilla.suse.com/1106853 SUSE Bug 1106853 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. CVE-2017-9935 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2017-9935.html CVE-2017-9935 https://bugzilla.suse.com/1046077 SUSE Bug 1046077 https://bugzilla.suse.com/1074318 SUSE Bug 1074318 https://bugzilla.suse.com/1108606 SUSE Bug 1108606 https://bugzilla.suse.com/1110358 SUSE Bug 1110358 newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. CVE-2018-16335 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2018-16335.html CVE-2018-16335 https://bugzilla.suse.com/1106853 SUSE Bug 1106853 An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. CVE-2018-17100 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2018-17100.html CVE-2018-17100 https://bugzilla.suse.com/1108637 SUSE Bug 1108637 An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. CVE-2018-17101 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2018-17101.html CVE-2018-17101 https://bugzilla.suse.com/1108627 SUSE Bug 1108627 The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. CVE-2018-17795 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-32bit-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libtiff5-4.0.9-44.24.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:tiff-4.0.9-44.24.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libtiff-devel-4.0.9-44.24.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183289-1/ https://www.suse.com/security/cve/CVE-2018-17795.html CVE-2018-17795 https://bugzilla.suse.com/1046077 SUSE Bug 1046077 https://bugzilla.suse.com/1110358 SUSE Bug 1110358