Bugzilla – Bug 914890
VUL-1: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130: tiff: libtiff3: out-of-bounds read with malformed TIFF image in multiple tools
Last modified: 2017-01-08 00:17:49 UTC
rh#1185805

divide by zero was reported in the libtiff tiffdither tool:

- CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2483

The above upstream bug was fixed by one of the commits that fix CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1185817
https://bugzilla.redhat.com/show_bug.cgi?id=1185805
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8127
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8130
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8127.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8130.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
Multiple out-of-bounds reads were reported in various libtiff tools:

http://bugzilla.maptools.org/show_bug.cgi?id=2500
http://bugzilla.maptools.org/show_bug.cgi?id=2497
http://bugzilla.maptools.org/show_bug.cgi?id=2496
http://bugzilla.maptools.org/show_bug.cgi?id=2485
http://bugzilla.maptools.org/show_bug.cgi?id=2486
http://bugzilla.maptools.org/show_bug.cgi?id=2484

Above upstream bugs were fixed by the below commits:

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not worth the burden for those esoteric utilities. http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* tools/tiff2bw.c: when Photometric=RGB, the utility only works if SamplesPerPixel = 3. Enforce that http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

Fix various crasher bugs on fuzzed images.
* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory
* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash
* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
* tools/tiffdump.c: fix crash due to overflow of entry count.
Out-of-bounds read/write was reported in tiff2pdf libtiff tool:

- CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2487
- CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2488

Above upstream bugs were fixed by the below commits:

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* libtiff/tif_next.c: check that BitsPerSample = 2. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

Fix various crasher bugs on fuzzed images.
* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory
* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash
* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
* tools/tiffdump.c: fix crash due to overflow of entry count.
Multiple out-of-bounds writes were reported in various libtiff tools:

- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2489
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2490
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2491
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2492
- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2493
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2495

Above upstream bugs were fixed by the below commits:

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* tools/thumbnail.c: fix out-of-buffer write http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* libtiff/tif_next.c: check that BitsPerSample = 2. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or COMPRESSION_CCITTFAX4 http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)

2014-12-21 Even Rouault <even.rouault@spatialys.com>

Fix various crasher bugs on fuzzed images.
* libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing the directory
* libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or TransferFunction if BitsPerSample has not yet been read, otherwise reading it later will cause user code to crash if BitsPerSample > 1
* libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
* libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images instead of imagewidth to avoid crash
* tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
* tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
* tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
* tools/tiffdump.c: fix crash due to overflow of entry count.

2014-12-21 Even Rouault <even.rouault@spatialys.com>

* tools/tiff2pdf.c: check return code of TIFFGetField() when reading TIFFTAG_SAMPLESPERPIXEL

The below bugs are not yet fixed:

- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2499
- CVE-2014-8128 libtiff: Out-of-bounds Writes in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2501
To sum up:

(In reply to Victor Pereira from comment #1)
> Multiple out-of-bounds reads were reported in various libtiff tools:

CVE-2014-8127

(In reply to Victor Pereira from comment #2)
> Out-of-bounds read/write was reported in tiff2pdf libtiff tool:

CVE-2014-8129

(In reply to Victor Pereira from comment #3)
> Multiple out-of-bounds writes were reported in various libtiff tools:

CVE-2014-8128

(In reply to Victor Pereira from comment #0)
> divide by zero was reported in the libtiff tiffdither tool:

CVE-2014-8130
(In reply to Victor Pereira from comment #0) > rh#1185805 > > divide by zero was reported in the libtiff tiffdither tool: > > - CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool > http://bugzilla.maptools.org/show_bug.cgi?id=2483 > > The above upstream bug was fixed by one of the commits that fix > CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129 Actually, as far as I tested, it is the PatchSet 2805 as listed with cvsps what surpress division by zero for the testcase from said upstream bug: --------------------- PatchSet 2805 Date: 2012/11/18 19:51:52 Author: bfriesen Branch: HEAD Tag: (none) Log: * libtiff/tif_{unix,vms,win32}.c (_TIFFmalloc): ANSI C does not require malloc() to return NULL pointer if requested allocation size is zero. Assure that _TIFFmalloc does. Members: ChangeLog:1.924->1.925 libtiff/tif_unix.c:1.23->1.24 libtiff/tif_vms.c:1.11->1.12 libtiff/tif_win32.c:1.39->1.40 Index: libtiff/libtiff/tif_unix.c diff -u libtiff/libtiff/tif_unix.c:1.23 libtiff/libtiff/tif_unix.c:1.24 --- libtiff/libtiff/tif_unix.c:1.23 Fri Jun 1 16:40:59 2012 +++ libtiff/libtiff/tif_unix.c Sun Nov 18 12:51:52 2012 @@ -257,6 +257,9 @@ void* _TIFFmalloc(tmsize_t s) { + if (s == 0) + return ((void *) NULL); + return (malloc((size_t) s)); }
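Review bot: the new `if (s == 0) return ((void *) NULL);` at the top of _TIFFmalloc makes a zero-size request indistinguishable from an out-of-memory failure, and the hunk documents neither case. Add a comment above the check stating that NULL is returned for both, so callers validate a size computed from image fields before allocating instead of relying on this return value. The check also covers only zero: if tmsize_t is signed, a negative `s` still reaches `malloc((size_t) s)` as a very large request, so consider rejecting `s <= 0`. Only the tif_unix.c hunk is shown, although the log also lists tif_vms.c and tif_win32.c; the same check should be confirmed in those two files.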
Make this bug 'master'.
Created attachment 623440 [details] patches against 3.8.2
Created attachment 623441 [details] patches against 4.0.3
In 10 patches we fix all problems I am aware of (this bug, bug 916925, bug 916927) except:

(1) CVE-2015-1547 covered by bug 916425; there is no related upstream commit or bug number known to me so far
(2) part of CVE-2014-8128, see the end of comment 3; covered by http://bugzilla.maptools.org/show_bug.cgi?id=2499
(3) part of CVE-2014-8128, see the end of comment 3; covered by http://bugzilla.maptools.org/show_bug.cgi?id=2501
(In reply to Petr Gajdos from comment #9)
> (1) CVE-2015-1547 covered by bug 916425; there is no related upstream commit

Typo here, 916925 obviously.
(In reply to Petr Gajdos from comment #9)
> (1) CVE-2015-1547 covered by bug 916425; there is no related upstream commit
> or bug number known to me so far

Do not know how to reproduce with given reproducer.

> (2) part of CVE-2014-8128, see the end of comment 3; covered by
> http://bugzilla.maptools.org/show_bug.cgi?id=2499

Reproduces reliably with 4.0.3 and 3.8.2.

> (3) part of CVE-2014-8128, see the end of comment 3; covered by
> http://bugzilla.maptools.org/show_bug.cgi?id=2501

Can't reproduce the segfault with both 4.0.3 and 3.8.2.
(In reply to Petr Gajdos from comment #11)
> (In reply to Petr Gajdos from comment #9)
> > (1) CVE-2015-1547 covered by bug 916425; there is no related upstream commit
> > or bug number known to me so far
>
> Do not know how to reproduce with given reproducer.
>
> > (2) part of CVE-2014-8128, see the end of comment 3; covered by
> > http://bugzilla.maptools.org/show_bug.cgi?id=2499
>
> Reproduces reliably with 4.0.3 and 3.8.2.
>
> > (3) part of CVE-2014-8128, see the end of comment 3; covered by
> > http://bugzilla.maptools.org/show_bug.cgi?id=2501
>
> Can't reproduce the segfault with both 4.0.3 and 3.8.2.

Same results for CVS snapshot.
(In reply to Petr Gajdos from comment #11)
> (In reply to Petr Gajdos from comment #9)
> > (1) CVE-2015-1547 covered by bug 916425; there is no related upstream commit
> > or bug number known to me so far
>
> Do not know how to reproduce with given reproducer.

The fix is part of PatchSet 2876, see bug 916925 comment 5.
Hi, thanks for the analysis. Do you know already which code streams are affected?
(In reply to Victor Pereira from comment #14)
> hi, thanks for the analysis. Do you know already which code streams are
> affected?

4.0.3 (Factory, 13.2, 13.1, sle12) and 3.8.2 (sle11, sle10).
(In reply to Petr Gajdos from comment #11)
> > (3) part of CVE-2014-8128, see the end of comment 3; covered by
> > http://bugzilla.maptools.org/show_bug.cgi?id=2501
>
> Can't reproduce the segfault with both 4.0.3 and 3.8.2.

That was because I had enough memory.
(3): fsdither() does not check if local four allocs succeeded. I have suggested a patch upstream: http://bugzilla.maptools.org/show_bug.cgi?id=2501#c8
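An added example (not from this bug report and not libtiff's code) of the pattern the comment above asks for: allocate the per-row work buffers of a dithering routine, check every result, and release everything on failure. The struct, function names, buffer sizes and the failing_alloc test hook are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical allocator hook so the failure path can be exercised
 * without exhausting real memory. */
typedef void *(*alloc_fn)(size_t);

/* Hypothetical set of four row buffers; not tiffdither's own names. */
struct dither_bufs {
    unsigned char *in, *out;
    short *cur, *next;
};

static void dither_bufs_free(struct dither_bufs *b)
{
    free(b->in);
    free(b->out);
    free(b->cur);
    free(b->next);
    b->in = b->out = NULL;
    b->cur = b->next = NULL;
}

/* Returns 0 on success, -1 on failure. On failure nothing stays allocated
 * and every pointer is NULL, so the caller cannot write through it. */
static int dither_bufs_alloc(struct dither_bufs *b, uint32_t width, alloc_fn alloc)
{
    size_t n = (size_t)width;

    b->in = b->out = NULL;
    b->cur = b->next = NULL;
    /* A fuzzed image can carry width 0 or a width whose byte count wraps. */
    if (n == 0 || n > SIZE_MAX / sizeof(short))
        return -1;
    if (alloc == NULL)
        alloc = malloc;

    b->in = alloc(n);                    /* 8-bit input row (assumed size) */
    b->out = alloc((n + 7) / 8);         /* 1-bit packed output row */
    b->cur = alloc(n * sizeof(short));   /* error terms, current row */
    b->next = alloc(n * sizeof(short));  /* error terms, next row */
    if (!b->in || !b->out || !b->cur || !b->next) {
        dither_bufs_free(b);             /* free(NULL) is a no-op */
        return -1;
    }
    return 0;
}

/* Constructed test hook: the fail_at-th call returns NULL (0 = never). */
static int fail_at, calls;
static void *failing_alloc(size_t n)
{
    return (++calls == fail_at) ? NULL : malloc(n);
}

int main(void)
{
    struct dither_bufs b;
    fail_at = 3; calls = 0;  /* simulate low memory on the third buffer */
    if (dither_bufs_alloc(&b, 640, failing_alloc) != 0)
        fprintf(stderr, "out of memory for dither buffers\n");
    return 0;
}
```

Injecting the failure through the hook reproduces the low-memory path on any machine, which is the condition under which the unchecked version only crashed for some testers.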
(2): it seems that it relates to TIFFReadDirectory: Warning, Unknown field with tag 317 (0x13d) encountered.
(3): proposed two patches upstream: http://bugzilla.maptools.org/show_bug.cgi?id=2499#c9 and http://bugzilla.maptools.org/show_bug.cgi?id=2499#c10
Packages submitted.
openSUSE-SU-2015:0450-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914890,916925,916927
CVE References: CVE-2014-8127,CVE-2014-8128,CVE-2014-8129,CVE-2014-8130,CVE-2014-9655,CVE-2015-1547
Sources used:
openSUSE 13.2 (src): tiff-4.0.3-10.4.1
openSUSE 13.1 (src): tiff-4.0.3-8.4.1
Created attachment 627442 [details] libtiff_poc.tar.gz QA: libtiff_poc.tar.gz poc files.
Created attachment 627443 [details] libtiff_cmd QA: libtiff_cmd to run all the POCs
(In reply to Petr Gajdos from comment #23)
> (3): proposed two patches upstream:
> http://bugzilla.maptools.org/show_bug.cgi?id=2499#c9
> and
> http://bugzilla.maptools.org/show_bug.cgi?id=2499#c10

These patches are not correct, see:
http://bugzilla.maptools.org/show_bug.cgi?id=2499#c11
I have the following regression bug:

I can't convert correctly to a TIFF file using imagemagick anymore using libtiff5 4.0.3-10.4.1 (in openSUSE 13.2). When I revert the update and go back to 4.0.3-10.1.2, conversion is working well.

It seems to correlate with this bug and there has been the same issue (maybe) in Ubuntu, but they found a fix that may help here.

This link:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=27323&p=121206&hilit=tiff#p121206

inspired me to have a look at:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1439186

"SECURITY REGRESSION: regression when saving TIFF files with compression predictor (LP: #1439186)"
Please attach testcase and command you use so I can play with it.
Created attachment 632533 [details] Source file to create testcase for broken conversion to tiff
Created attachment 632534 [details] Converted file to show broken conversion to tiff
I have attached the testfile frog.jpg to reproduce the error.

# convert -version
Version: ImageMagick 6.8.9-8 Q16 x86_64 2014-11-18 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2014 ImageMagick Studio LLC
Features: DPC Modules OpenMP
Delegates: bzlib cairo djvu fftw fontconfig freetype jbig jng jp2 jpeg lcms lqr ltdl lzma openexr pangocairo png rsvg tiff webp wmf x xml zlib

# rpm -q libtiff5
libtiff5-4.0.3-10.4.1.x86_64

# convert -verbose frog.jpg -depth 8 -compress lzw test.tiff
frog.jpg JPEG 799x599 799x599+0+0 8-bit sRGB 106KB 0.000u 0:00.000
frog.jpg=>test.tiff JPEG 799x599 799x599+0+0 8-bit sRGB 779KB 0.050u 0:00.029

The target file "test.tiff" is created but the image is "distorted" when viewed.
Thanks (needinfo was provided).
I can reproduce the regression and can confirm that after removing

tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
tiff-handle-TIFFTAG_PREDICTOR.patch

I propose to remove these patches and wait until someone fixes the issue correctly.
Takeshi, could you please double check that libtiff from

http://download.opensuse.org/repositories/home:/pgajdos:/maintenance:/tiff/

fixes the regression for you? Make sure that you have correct libtiff rpm:

-------------------------------------------------------------------
Tue Apr 28 15:13:52 UTC 2015 - pgajdos@suse.com

- fix regression caused by previous update [bnc#914890]
  removed:
  - tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch
  - tiff-handle-TIFFTAG_PREDICTOR.patch
Thanks for looking into this. I can confirm that the following libtiff5 produces correct tiff images.

# rpm -q libtiff5
libtiff5-4.0.3-10.7.1.x86_64

# convert --version
Version: ImageMagick 6.8.9-8 Q16 x86_64 2014-11-18 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2014 ImageMagick Studio LLC
Features: DPC Modules OpenMP
Delegates: bzlib cairo djvu fftw fontconfig freetype jbig jng jp2 jpeg lcms lqr ltdl lzma openexr pangocairo png rsvg tiff webp wmf x xml zlib

# convert -verbose frog.jpg -depth 8 -compress lzw test.tiff
frog.jpg JPEG 799x599 799x599+0+0 8-bit sRGB 106KB 0.000u 0:00.009
frog.jpg=>test.tiff JPEG 799x599 799x599+0+0 8-bit sRGB 779KB 0.030u 0:00.020
Maintenance, could you please look at mr#304504?
Still unfixed known tiff issues:

http://bugzilla.maptools.org/show_bug.cgi?id=2499
http://bugzilla.maptools.org/show_bug.cgi?id=2508

2499 could be fixed other way than just removed patches: do not let tiffcmp and thumbnail check for TIFFTAG_CONSECUTIVEBADFAXLINES and TIFFTAG_PREDICTOR.

I have no clue so far how to fix 2508.
Thanks for submission. We will release as soon as possible
openSUSE-RU-2015:0826-1: An update that has one recommended fix can now be installed.

Category: recommended (important)
Bug References: 914890
CVE References:
Sources used:
openSUSE 13.2 (src): tiff-4.0.3-10.7.1
openSUSE 13.1 (src): tiff-4.0.3-8.7.1
I have submitted 4.0.4 into 13.1 and 13.2: see mr#314654.
I have submitted 4.0.4 into sle12, too: sr#61340
Submitted packages without wrong tiff-handle-TIFFTAG_CONSECUTIVEBADFAXLINES.patch and tiff-handle-TIFFTAG_PREDICTOR.patch:

11: sr#61342
10sp3: sr#61344

Enjoy
Reassigning to new maintainer:

To sum up: to my knowledge, all known segfaults are fixed via submitrequest listed above, except those three listed in two bugs in comment 45. I tried to write patches for two of them (tiff bug 2499), but that caused regressions. I guess there is another way how to fix it: to let the tools not check tags in question, but didn't try.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-07-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62163
openSUSE-SU-2015:1213-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914890,916925,916927
CVE References: CVE-2014-8127,CVE-2014-8128,CVE-2014-8129,CVE-2014-8130,CVE-2014-9655,CVE-2015-1547
Sources used:
openSUSE 13.2 (src): tiff-4.0.4-10.10.1
openSUSE 13.1 (src): tiff-4.0.4-8.10.1
Unfixed issues split out to bug 942690. CVE assignment might be a mess on them.
SUSE-SU-2015:1420-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914890,916927
CVE References: CVE-2014-8127,CVE-2014-8128,CVE-2014-8129,CVE-2014-8130,CVE-2014-9655
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Server 11-SP4 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Server 11-SP3 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Desktop 11-SP4 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Desktop 11-SP3 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): tiff-3.8.2-141.160.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): tiff-3.8.2-141.160.1
SUSE-SU-2015:1475-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914890,916927
CVE References: CVE-2014-8127,CVE-2014-8128,CVE-2014-8129,CVE-2014-8130,CVE-2014-9655
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): tiff-4.0.4-12.2
SUSE Linux Enterprise Server 12 (src): tiff-4.0.4-12.2
SUSE Linux Enterprise Desktop 12 (src): tiff-4.0.4-12.2
The fixes have been released, assigning to default
All done, closing.
openSUSE-SU-2016:3035-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2015-7554,CVE-2015-8665,CVE-2015-8683,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
openSUSE 13.2 (src): tiff-4.0.7-10.35.1
SUSE-SU-2016:3301-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Server 12-SP2 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Server 12-SP1 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Desktop 12-SP2 (src): tiff-4.0.7-35.1
SUSE Linux Enterprise Desktop 12-SP1 (src): tiff-4.0.7-35.1
openSUSE-SU-2017:0074-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
openSUSE Leap 42.2 (src): tiff-4.0.7-12.1
openSUSE Leap 42.1 (src): tiff-4.0.7-12.1