## This update for tiff fixes the following issues Security issues: * CVE-2025-8851: libtiff: LibTIFF Stack-based buffer overflow (bsc#1248278). * CVE-2026-4775: signed integer overflow in the `putcontig8bitYCbCr44tile` function (bsc#1260411). Non security issue: * QGIS can't export with GDAL- LERC codec, LERC library not found anywhere in the system (bsc#1257123). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1007=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1007=1 ## Package List:
* bsc#1248278
* bsc#1257123
* bsc#1260411
Cross-
* CVE-2018-7456
* CVE-2023-0800
* CVE-2023-0801
* CVE-2023-0802
* CVE-2023-0803
* CVE-2023-0804
* CVE-2025-8851
* CVE-2026-4775
CVSS scores:
* CVE-2018-7456 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2018-7456 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-0800 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-0800 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-0800 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-0801 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-0801 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Get the latest Linux and open source security news straight to your inbox.