Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2018:4191-1 Moderate Severity TIFF Memory Vulnerabilities

suse
Calendar Grey December 19, 2018
Dist Suse Esm H88
The recent tiff update addresses a variety of vulnerabilities, notably denial of service, buffer overflow risks, and concerns regarding memory safety in SUSE systems.
An update that fixes 6 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed NULL pointer dereference in the TIFFWriteDirectorySec function (bsc#1115717). - CVE-2017-12944: Fixed denial of service issue in the TIFFReadDirEntryArray function (bsc#1054594). - CVE-2016-10094: Fixed heap-based buffer overflow in the _tiffWriteProc function (bsc#1017693). - CVE-2016-10093: Fixed heap-based buffer overflow in the _TIFFmemcpy function (bsc#1017693). - CVE-2016-10092: Fixed heap-based buffer overflow in the TIFFReverseBits function (bsc#1017693). - CVE-2016-6223: Fixed out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() (bsc#990460). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

References

#1017693 #1054594 #1115717 #990460

Cross- CVE-2016-10092 CVE-2016-10093 CVE-2016-10094

CVE-2016-6223 CVE-2017-12944 CVE-2018-19210

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP4

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2016-10092.html

https://www.suse.com/security/cve/CVE-2016-10093.html

https://www.suse.com/security/cve/CVE-2016-10094.html

https://www.suse.com/security/cve/CVE-2016-6223.html

https://www.suse.com/security/cve/CVE-2017-12944.html

https://www.suse.com/security/cve/CVE-2018-19210.html

Announcement ID: SUSE-SU-2018:4191-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here