Security update for tiff
This update for tiff fixes the following issues:
Security issues fixed:
- CVE-2016-5314: Fixed an out-of-bounds write in PixarLogDecode() function (boo#984831)
- CVE-2016-5316: Fixed an out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c (boo#984837)
- CVE-2016-5317: Fixed an out-of-bounds write in PixarLogDecode() function in libtiff.so (boo#984842)
- CVE-2016-5320: Fixed an out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c (boo#984808)
- CVE-2016-5875: Fixed a heap-based buffer overflow when using the PixarLog compressionformat (boo#987351)
Bugs fixed:
- boo#964225: Fixed writes for invalid images (upstream bug #2522)
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#987351
VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLog compressionformat
bnc#984842
VUL-1: tiff: CVE-2016-5317: Out-of-bounds write in PixarLogDecode() function in libtiff.so
bnc#984808
VUL-1: tiff: CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
bnc#964225
VUL-1: CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: tiff: out-of-bounds writes for invalid images
bnc#984837
VUL-0: tiff: CVE-2016-5316: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c
bnc#984831
VUL-1: tiff: CVE-2016-5314: Out-of-bounds write in PixarLogDecode() function
