openSUSE: 2022:0480-1 important: tiff


   openSUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0480-1
Rating:             important
References:         #1071031 #1154365 #1182808 #1182809 #1182811 
                    #1182812 #1190312 #1194539 
Cross-References:   CVE-2017-17095 CVE-2019-17546 CVE-2020-19131
                    CVE-2020-35521 CVE-2020-35522 CVE-2020-35523
                    CVE-2020-35524 CVE-2022-22844
CVSS scores:
                    CVE-2017-17095 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2017-17095 (SUSE): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-17546 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-17546 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-19131 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-19131 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35521 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35521 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35522 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35523 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-35523 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-35524 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-35524 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-22844 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   This update for tiff fixes the following issues:

   - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).
   - CVE-2019-17546: Fixed integer overflow that potentially causes a
     heap-based buffer overflow via a crafted RGBA image (bsc#1154365).
   - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via
     the invertImage() function (bsc#1190312).
   - CVE-2020-35521: Fixed memory allocation failure in tif_read.c
     (bsc#1182808).
   - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c
     (bsc#1182809).
   - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).
   - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool
     (bsc#1182812).
   - CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c
     (bsc#1194539).


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-480=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-480=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libtiff-devel-4.0.9-45.5.1
      libtiff5-4.0.9-45.5.1
      libtiff5-debuginfo-4.0.9-45.5.1
      tiff-4.0.9-45.5.1
      tiff-debuginfo-4.0.9-45.5.1
      tiff-debugsource-4.0.9-45.5.1

   - openSUSE Leap 15.4 (x86_64):

      libtiff-devel-32bit-4.0.9-45.5.1
      libtiff5-32bit-4.0.9-45.5.1
      libtiff5-32bit-debuginfo-4.0.9-45.5.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libtiff-devel-4.0.9-45.5.1
      libtiff5-4.0.9-45.5.1
      libtiff5-debuginfo-4.0.9-45.5.1
      tiff-4.0.9-45.5.1
      tiff-debuginfo-4.0.9-45.5.1
      tiff-debugsource-4.0.9-45.5.1

   - openSUSE Leap 15.3 (x86_64):

      libtiff-devel-32bit-4.0.9-45.5.1
      libtiff5-32bit-4.0.9-45.5.1
      libtiff5-32bit-debuginfo-4.0.9-45.5.1


References:

   https://www.suse.com/security/cve/CVE-2017-17095.html
   https://www.suse.com/security/cve/CVE-2019-17546.html
   https://www.suse.com/security/cve/CVE-2020-19131.html
   https://www.suse.com/security/cve/CVE-2020-35521.html
   https://www.suse.com/security/cve/CVE-2020-35522.html
   https://www.suse.com/security/cve/CVE-2020-35523.html
   https://www.suse.com/security/cve/CVE-2020-35524.html
   https://www.suse.com/security/cve/CVE-2022-22844.html
   https://bugzilla.suse.com/1071031
   https://bugzilla.suse.com/1154365
   https://bugzilla.suse.com/1182808
   https://bugzilla.suse.com/1182809
   https://bugzilla.suse.com/1182811
   https://bugzilla.suse.com/1182812
   https://bugzilla.suse.com/1190312
   https://bugzilla.suse.com/1194539

What Are You Looking For?

openSUSE: 2022:0480-1 important: tiff

Description

Patch

Package List

References

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Security Highlights from KubeCon + CloudNativeCon 2023

Kubernetes Security on AWS: A Practical Guide

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024

Cloud Security Basics for Small Businesses

Scanning and Defending Networks with Nmap

CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

What Are You Looking For?

openSUSE: 2022:0480-1 important: tiff

Description

Patch

Package List

References

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By