Security update for tiff
This update for tiff to version 4.0.9 fixes the following issues:
Security issues fixed:
- CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools (bsc#969783).
- CVE-2015-7554: Fix invalid write in tiffsplit / _TIFFVGetField (bsc#960341).
- CVE-2016-10095: Fix stack-based buffer overflow in _TIFFVGetField (tif_dir.c) (bsc#1017690).
- CVE-2016-5318: Fix stackoverflow in thumbnail (bsc#983436).
- CVE-2017-16232: Fix memory-based DoS in tiff2bw (bsc#1069213).
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Fridrich Strba (fstrba)
Fixed bugs
bnc#960341
VUL-0: CVE-2015-7554: tiff: libtiff: invalid write in tiffsplit / _TIFFVGetField
bnc#1069213
VUL-1: CVE-2017-16232: tiff: memory-based DoS in tiff2bw
bnc#983436
VUL-0: CVE-2016-5318: tiff: stackoverflow in thumbnail
bnc#969783
Security Fix request for SLES 11 SP1 LTSS: libtiff3 - CVE-2014-8127 - CVE-2014-9655
bnc#1017690
VUL-0: CVE-2016-10095: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)
