Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE 12-SP3: SUSE-SU-2018:0012-2 High: PNG Buffer Overflow Issue

suse
Calendar Grey April 18, 2017
Scroller Suse
Debian Security Update for libpng resolves various concerns. Critical vulnerabilities patched to improve overall safety.
An update that fixes 7 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9 (bsc#1031247). - CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13 (bsc#1031249). - CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified

References

#1031247 #1031249 #1031250 #1031254 #1031255

#1031262 #1031263

Cross- CVE-2016-10266 CVE-2016-10267 CVE-2016-10268

CVE-2016-10269 CVE-2016-10270 CVE-2016-10271

CVE-2016-10272

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Software Development Kit 12-SP1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP2

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-10266.html

https://www.suse.com/security/cve/CVE-2016-10267.html

https://www.suse.com/security/cve/CVE-2016-10268.html

https://www.suse.com/security/cve/CVE-2016-10269.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1044-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.