Security update for libtiff

SUSE Security Update: Security update for libtiff
Announcement ID: SUSE-SU-2013:1639-1
Rating: moderate
References: #753362 #767852 #767854 #770816 #781995 #787892 #788741 #791607 #817573 #818117 #834477 #834779 #834788
Affected Products:
  • SUSE Linux Enterprise Server 10 SP3 LTSS

An update that fixes 13 vulnerabilities is now available.

    Description:


    This tiff LTSS roll-up update fixes several security issues.

    * CVE-2013-4232 CVE-2013-4231: buffer overflows/use-after-free problem
    * CVE-2013-4243: libtiff (gif2tiff): heap-based buffer overflow in readgifimage()
    * CVE-2013-4244: libtiff (gif2tiff): OOB write in LZW decompressor
    * CVE-2013-1961: Stack-based buffer overflow with malformed image-length and resolution
    * CVE-2013-1960: Heap-based buffer overflow in t2_process_jpeg_strip()
    * CVE-2012-4447: Heap-based buffer overflow when processing a TIFF image with PixarLog compression
    * CVE-2012-4564: Added a missing return value check in ppm2tiff
    * CVE-2012-5581: Fixed stack-based buffer overflow when handling DOTRANGE tags
    * CVE-2012-3401: Fixed heap-based buffer overflow due to improper initialization of T2P context struct pointer
    * CVE-2012-2113: Integer overflow leading to heap-based buffer overflow when parsing crafted TIFF files
    * Another heap-based memory corruption in the tiff2ps command-line tool has been fixed [bnc#788741]
    * CVE-2012-2088: A type conversion flaw in libtiff has been fixed.
    * CVE-2012-1173: A heap-based buffer overflow in TIFFReadRGBAImageOriented was fixed.

    Security Issue references:

    * CVE-2012-1173
    * CVE-2012-2088
    * CVE-2012-2113
    * CVE-2012-3401
    * CVE-2012-4447
    * CVE-2012-4564
    * CVE-2012-5581
    * CVE-2013-1960
    * CVE-2013-1961
    * CVE-2013-4231
    * CVE-2013-4232
    * CVE-2013-4243
    * CVE-2013-4244

    Package List:

    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
        • libtiff-3.8.2-5.36.1
        • libtiff-devel-3.8.2-5.36.1
        • tiff-3.8.2-5.36.1
    • SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
        • libtiff-32bit-3.8.2-5.36.1
        • libtiff-devel-32bit-3.8.2-5.36.1

    References:

    • http://support.novell.com/security/cve/CVE-2012-1173.html
    • http://support.novell.com/security/cve/CVE-2012-2088.html
    • http://support.novell.com/security/cve/CVE-2012-2113.html
    • http://support.novell.com/security/cve/CVE-2012-3401.html
    • http://support.novell.com/security/cve/CVE-2012-4447.html
    • http://support.novell.com/security/cve/CVE-2012-4564.html
    • http://support.novell.com/security/cve/CVE-2012-5581.html
    • http://support.novell.com/security/cve/CVE-2013-1960.html
    • http://support.novell.com/security/cve/CVE-2013-1961.html
    • http://support.novell.com/security/cve/CVE-2013-4231.html
    • http://support.novell.com/security/cve/CVE-2013-4232.html
    • http://support.novell.com/security/cve/CVE-2013-4243.html
    • http://support.novell.com/security/cve/CVE-2013-4244.html
    • https://bugzilla.novell.com/753362
    • https://bugzilla.novell.com/767852
    • https://bugzilla.novell.com/767854
    • https://bugzilla.novell.com/770816
    • https://bugzilla.novell.com/781995
    • https://bugzilla.novell.com/787892
    • https://bugzilla.novell.com/788741
    • https://bugzilla.novell.com/791607
    • https://bugzilla.novell.com/817573
    • https://bugzilla.novell.com/818117
    • https://bugzilla.novell.com/834477
    • https://bugzilla.novell.com/834779
    • https://bugzilla.novell.com/834788
    • http://download.suse.com/patch/finder/?keywords=db898b28994a0ce2b1deaf3ee47ec36c