767854 – (CVE-2012-2088) VUL-0: CVE-2012-2088: libtiff: type conversion flaw

Bug 767854 (CVE-2012-2088) - VUL-0: CVE-2012-2088: libtiff: type conversion flaw

Summary: VUL-0: CVE-2012-2088: libtiff: type conversion flaw

Status:	RESOLVED FIXED

Alias:	CVE-2012-2088

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P2 - High Severity: Major
Target Milestone:	---
Deadline:	2012-06-29
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle10-sp3:48017 maint:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2012-06-20 08:54 UTC by Matthias Weckbecker
Modified:	2013-11-07 12:55 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
-- libtiff_CVE-2012-2088.patch (5.02 KB, patch) 2012-06-20 09:00 UTC, Matthias Weckbecker	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2012-06-20 08:54:32 UTC

Similar to bnc#767852, but apparently not quite the same. It got additional
patches.

Comment 1 Matthias Weckbecker 2012-06-20 09:00:58 UTC

Created attachment 495574 [details]
-- libtiff_CVE-2012-2088.patch

Comment 2 Bernhard Wiedemann 2012-06-20 10:00:32 UTC

This is an autogenerated message for OBS integration:
This bug (767854) was mentioned in
https://build.opensuse.org/request/show/125510 Factory / tiff

Comment 3 Matthias Weckbecker 2012-06-20 11:15:34 UTC

SLE11-SP-{1,2} + SLE10-SP-{3,4} affected.

Comment 4 Petr Gajdos 2012-06-20 13:12:12 UTC

openSUSE: mr#125536

Comment 5 Petr Gajdos 2012-06-22 09:08:39 UTC

9sp3:  sr#19843
10sp3: sr#19844
11:    sr#19845

Comment 6 Swamp Workflow Management 2012-06-22 12:01:49 UTC

The SWAMPID for this issue is 48014.
This issue was rated as important.
Please submit fixed packages until 2012-06-29.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.

Comment 7 Swamp Workflow Management 2012-07-04 07:09:41 UTC

openSUSE-SU-2012:0829-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 767852,767854
CVE References: CVE-2012-2088,CVE-2012-2113
Sources used:
openSUSE 12.1 (src):    tiff-3.9.5-8.7.1
openSUSE 11.4 (src):    tiff-3.9.4-28.1

Comment 8 Bernhard Wiedemann 2012-07-10 10:00:20 UTC

This is an autogenerated message for OBS integration:
This bug (767854) was mentioned in
https://build.opensuse.org/request/show/127461 Evergreen:11.2 / tiff

Comment 9 Bernhard Wiedemann 2012-07-13 06:00:44 UTC

This is an autogenerated message for OBS integration:
This bug (767854) was mentioned in
https://build.opensuse.org/request/show/127792 Evergreen:11.2 / tiff

Comment 10 Matthias Weckbecker 2012-07-19 13:02:29 UTC

released

Comment 11 Swamp Workflow Management 2012-07-19 13:08:51 UTC

Update released for: libtiff, tiff
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)

Comment 12 Swamp Workflow Management 2012-07-19 13:09:14 UTC

Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)

Comment 13 Swamp Workflow Management 2012-07-19 15:12:11 UTC

Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)

Comment 14 Swamp Workflow Management 2012-07-19 17:07:11 UTC

Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP1 (i386, x86_64)
SLE-DESKTOP 11-SP1-FOR-SP2 (i386, x86_64)
SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SDK 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-FOR-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
SLES4VMWARE 11-SP1 (i386, x86_64)

Comment 15 Swamp Workflow Management 2013-11-07 12:55:38 UTC

Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)