Security update for tiff SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0453-1 Final 1 1 2017-02-13T10:40:44Z current 2017-02-13T10:40:44Z 2017-02-13T10:40:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tiff This update for tiff fixes the following issues: - A crafted TIFF image could cause a crash and potential code execution when processed by the 'tiffcp' utility (CVE-2017-5225, bsc#1019611). Also a regression from the version update to 4.0.7 was fixed in handling TIFFTAG_FAXRECVPARAMS. (bsc#1022103) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2017-231,SUSE-SLE-DESKTOP-12-SP2-2017-231,SUSE-SLE-RPI-12-SP2-2017-231,SUSE-SLE-SDK-12-SP1-2017-231,SUSE-SLE-SDK-12-SP2-2017-231,SUSE-SLE-SERVER-12-SP1-2017-231,SUSE-SLE-SERVER-12-SP2-2017-231 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170453-1/ Link for SUSE-SU-2017:0453-1 https://lists.suse.com/pipermail/sle-security-updates/2017-February/002639.html E-Mail link for SUSE-SU-2017:0453-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1019611 SUSE Bug 1019611 https://bugzilla.suse.com/1022103 SUSE Bug 1022103 https://www.suse.com/security/cve/CVE-2017-5225/ SUSE CVE CVE-2017-5225 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 libtiff5-4.0.7-40.1 libtiff5-32bit-4.0.7-40.1 tiff-4.0.7-40.1 libtiff-devel-4.0.7-40.1 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP1 tiff-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP1 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP2 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP2 tiff-4.0.7-40.1 as a component of SUSE Linux Enterprise Server 12 SP2 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 tiff-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 tiff-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libtiff5-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libtiff5-32bit-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 tiff-4.0.7-40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libtiff-devel-4.0.7-40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libtiff-devel-4.0.7-40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. CVE-2017-5225 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Desktop 12 SP1:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Desktop 12 SP2:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP1:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP1:tiff-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP2:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server 12 SP2:tiff-4.0.7-40.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tiff-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:tiff-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-32bit-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libtiff5-4.0.7-40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:tiff-4.0.7-40.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libtiff-devel-4.0.7-40.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libtiff-devel-4.0.7-40.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170453-1/ https://www.suse.com/security/cve/CVE-2017-5225.html CVE-2017-5225 https://bugzilla.suse.com/1019611 SUSE Bug 1019611