Security update for tiff

Announcement ID:	SUSE-SU-2018:1472-1
Rating:	moderate
References:	bsc#1017694 bsc#1031250 bsc#1031254 bsc#1033109 bsc#1033111 bsc#1033112 bsc#1033113 bsc#1033120 bsc#1033126 bsc#1033127 bsc#1033129 bsc#1074317 bsc#984808 bsc#984809 bsc#984831 bsc#987351
Cross-References:	CVE-2016-10267 CVE-2016-10269 CVE-2016-10270 CVE-2016-5314 CVE-2016-5315 CVE-2017-18013 CVE-2017-7593 CVE-2017-7595 CVE-2017-7596 CVE-2017-7597 CVE-2017-7599 CVE-2017-7600 CVE-2017-7601 CVE-2017-7602
CVSS scores:	CVE-2016-10267 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-10269 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-10270 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-5314 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2016-5315 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-18013 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-18013 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7593 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-7593 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2017-7595 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7596 ( SUSE ): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2017-7596 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-7597 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-7597 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-7599 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-7599 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-7600 ( SUSE ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-7600 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-7601 ( SUSE ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-7601 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-7602 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-7602 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 14 vulnerabilities and has two security fixes can now be installed.

Description:

This update for tiff fixes the following issues:

Security issues fixed:

• CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. (bsc#984809)
• CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (bsc#1017694)
• CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. (bsc#1031254)
• CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. (bsc#1031250)
• CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)
• CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. (bsc#1033129)
• CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (bsc#1033127)
• CVE-2017-7596: LibTIFF had an "outside the range of representable values of type float" undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033126)
• CVE-2017-7597: tif_dirread.c had an "outside the range of representable values of type float" undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033120)
• CVE-2017-7599: LibTIFF had an "outside the range of representable values of type short" undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033113)
• CVE-2017-7600: LibTIFF had an "outside the range of representable values of type unsigned char" undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033112)
• CVE-2017-7601: LibTIFF had a "shift exponent too large for 64-bit type long" undefined behavior issue, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033111)
• CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (bsc#1033109)
• Multiple divide by zero issues
• CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. (bsc#987351 bsc#984808 bsc#984831)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-tiff-13631=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-tiff-13631=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-tiff-13631=1

Package List:

• SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • libtiff-devel-3.8.2-141.169.6.1
• SUSE Linux Enterprise Software Development Kit 11 SP4 (ppc64 s390x x86_64)
  • libtiff-devel-32bit-3.8.2-141.169.6.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • libtiff3-3.8.2-141.169.6.1
  • tiff-3.8.2-141.169.6.1
• SUSE Linux Enterprise Server 11 SP4 (ia64)
  • libtiff3-x86-3.8.2-141.169.6.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64)
  • libtiff3-32bit-3.8.2-141.169.6.1
• SLES for SAP Applications 11-SP4 (ppc64 x86_64)
  • libtiff3-32bit-3.8.2-141.169.6.1
  • libtiff3-3.8.2-141.169.6.1
  • tiff-3.8.2-141.169.6.1

References:

• https://www.suse.com/security/cve/CVE-2016-10267.html
• https://www.suse.com/security/cve/CVE-2016-10269.html
• https://www.suse.com/security/cve/CVE-2016-10270.html
• https://www.suse.com/security/cve/CVE-2016-5314.html
• https://www.suse.com/security/cve/CVE-2016-5315.html
• https://www.suse.com/security/cve/CVE-2017-18013.html
• https://www.suse.com/security/cve/CVE-2017-7593.html
• https://www.suse.com/security/cve/CVE-2017-7595.html
• https://www.suse.com/security/cve/CVE-2017-7596.html
• https://www.suse.com/security/cve/CVE-2017-7597.html
• https://www.suse.com/security/cve/CVE-2017-7599.html
• https://www.suse.com/security/cve/CVE-2017-7600.html
• https://www.suse.com/security/cve/CVE-2017-7601.html
• https://www.suse.com/security/cve/CVE-2017-7602.html
• https://bugzilla.suse.com/show_bug.cgi?id=1017694
• https://bugzilla.suse.com/show_bug.cgi?id=1031250
• https://bugzilla.suse.com/show_bug.cgi?id=1031254
• https://bugzilla.suse.com/show_bug.cgi?id=1033109
• https://bugzilla.suse.com/show_bug.cgi?id=1033111
• https://bugzilla.suse.com/show_bug.cgi?id=1033112
• https://bugzilla.suse.com/show_bug.cgi?id=1033113
• https://bugzilla.suse.com/show_bug.cgi?id=1033120
• https://bugzilla.suse.com/show_bug.cgi?id=1033126
• https://bugzilla.suse.com/show_bug.cgi?id=1033127
• https://bugzilla.suse.com/show_bug.cgi?id=1033129
• https://bugzilla.suse.com/show_bug.cgi?id=1074317
• https://bugzilla.suse.com/show_bug.cgi?id=984808
• https://bugzilla.suse.com/show_bug.cgi?id=984809
• https://bugzilla.suse.com/show_bug.cgi?id=984831
• https://bugzilla.suse.com/show_bug.cgi?id=987351