Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2022-1882-1.NASLHistoryMay 31, 2022 - 12:00 a.m.
SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2022:1882-1)
2022-05-3100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1882-1 advisory.
-
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561) -
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
-
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865) -
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact (CVE-2022-0891)
-
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908) -
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909) -
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924) -
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2022:1882-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(161682);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id(
"CVE-2022-0561",
"CVE-2022-0562",
"CVE-2022-0865",
"CVE-2022-0891",
"CVE-2022-0908",
"CVE-2022-0909",
"CVE-2022-0924",
"CVE-2022-1056"
);
script_xref(name:"SuSE", value:"SUSE-SU-2022:1882-1");
script_name(english:"SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2022:1882-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by
multiple vulnerabilities as referenced in the SUSE-SU-2022:1882-1 advisory.
- Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in
tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF
file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
(CVE-2022-0561)
- Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c
in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users
that compile libtiff from sources, a fix is available with commit 561599c. (CVE-2022-0562)
- Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted
tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.
(CVE-2022-0865)
- A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0
allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could
result into application crash, potential information disclosure or any other context-dependent impact
(CVE-2022-0891)
- Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in
tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0908)
- Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
(CVE-2022-0909)
- Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
(CVE-2022-0924)
- Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a
crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
(CVE-2022-1056)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1195965");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197066");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197068");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197072");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1197631");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0561");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0562");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0865");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0891");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0908");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0909");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-0924");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-1056");
# https://lists.suse.com/pipermail/sle-security-updates/2022-May/011182.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?011dbb0d");
script_set_attribute(attribute:"solution", value:
"Update the affected libtiff-devel, libtiff5 and / or libtiff5-32bit packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0891");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/11");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libtiff5-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED15 SP3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLED_SAP15" && (! preg(pattern:"^(3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED_SAP15 SP3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2/3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(0|1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP0/1/2/3/4", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-desktop-applications-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff5-32bit-4.0.9-150000.45.8.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-basesystem-release-15.4', 'sled-release-15.4', 'sles-release-15.4']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},
{'reference':'libtiff-devel-4.0.9-150000.45.8.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
{'reference':'libtiff5-4.0.9-150000.45.8.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtiff-devel / libtiff5 / libtiff5-32bit');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libtiff-devel | p-cpe:/a:novell:suse_linux:libtiff-devel |
| novell | suse_linux | libtiff5 | p-cpe:/a:novell:suse_linux:libtiff5 |
| novell | suse_linux | libtiff5-32bit | p-cpe:/a:novell:suse_linux:libtiff5-32bit |
| novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056
www.nessus.org/u?011dbb0d
bugzilla.suse.com/1195964
bugzilla.suse.com/1195965
bugzilla.suse.com/1197066
bugzilla.suse.com/1197068
bugzilla.suse.com/1197072
bugzilla.suse.com/1197073
bugzilla.suse.com/1197074
bugzilla.suse.com/1197631
www.suse.com/security/cve/CVE-2022-0561
www.suse.com/security/cve/CVE-2022-0562
www.suse.com/security/cve/CVE-2022-0865
www.suse.com/security/cve/CVE-2022-0891
www.suse.com/security/cve/CVE-2022-0908
www.suse.com/security/cve/CVE-2022-0909
www.suse.com/security/cve/CVE-2022-0924
www.suse.com/security/cve/CVE-2022-1056
Related
suse
suse
Security update for tiff (important)
2022-05-30 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1882-1)
2022-05-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1667-1)
2022-05-17 00:00:00
openSUSE: Security Advisory for tiff (SUSE-SU-2022:1882-1)
2022-05-31 00:00:00
nessus
nessus
SUSE SLES12 Security Update : tiff (SUSE-SU-2022:1667-1)
2022-05-17 00:00:00
EulerOS 2.0 SP3 : libtiff (EulerOS-SA-2022-1739)
2022-05-26 00:00:00
RHEL 8 : libtiff (RHSA-2022:7585)
2022-11-08 00:00:00
ibm
ibm
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-03-28 19:23:37
Updated libtiff packages fix security vulnerability
2022-03-06 13:40:17
oraclelinux
oraclelinux
libtiff security update
2022-11-15 00:00:00
libtiff security update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2022:7585) Moderate: libtiff security update
2022-11-08 06:23:40
(RHSA-2022:8194) Moderate: libtiff security update
2022-11-15 06:18:19
almalinux
almalinux
Moderate: libtiff security update
2022-11-08 00:00:00
Moderate: libtiff security update
2022-11-15 00:00:00
osv
osv
tiff - security update
2022-03-24 00:00:00
Moderate: libtiff security update
2022-11-08 00:00:00
Moderate: libtiff security update
2022-11-08 06:23:40
archlinux
archlinux
[ASA-202204-6] libtiff: multiple issues
2022-04-05 00:00:00
rocky
rocky
libtiff security update
2022-11-08 06:23:40
debian
debian
[SECURITY] [DSA 5108-1] tiff security update
2022-03-24 18:55:21
[SECURITY] [DLA 2932-1] tiff security update
2022-03-06 17:18:56
fedora
fedora
[SECURITY] Fedora 35 Update: libtiff-4.3.0-6.fc35
2022-03-31 01:15:26
[SECURITY] Fedora 36 Update: libtiff-4.3.0-6.fc36
2022-04-03 00:15:59
[SECURITY] Fedora 35 Update: libtiff-4.3.0-4.fc35
2022-03-02 16:10:57
cloudfoundry
cloudfoundry
USN-5421-1: LibTIFF vulnerabilities | Cloud Foundry
2022-07-29 00:00:00
USN-5523-2: LibTIFF vulnerabilities | Cloud Foundry
2022-09-29 00:00:00
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-05-16 00:00:00
LibTIFF vulnerabilities
2022-07-19 00:00:00
LibTIFF vulnerabilities
2022-09-12 00:00:00
gentoo
gentoo
LibTIFF: Multiple Vulnerabilities
2022-10-31 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0169
2022-04-03 00:00:00
Important Photon OS Security Update - PHSA-2022-0169
2022-04-03 00:00:00
Important Photon OS Security Update - PHSA-2022-0458
2022-03-30 00:00:00
ubuntucve
ubuntucve
amazon
amazon
Medium: libtiff
2022-07-28 20:38:00
Medium: libtiff
2022-04-25 22:56:00
Medium: libtiff
2022-05-31 23:50:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2338
2024-02-06 08:15:12
cve
cve
debiancve
debiancve
prion
prion
Null pointer dereference
2022-02-11 18:15:00
Design/Logic Flaw
2022-03-11 18:15:00
Input validation
2022-03-11 18:15:00
alpinelinux
alpinelinux
veracode
veracode
Denial Of Service (DoS)
2022-04-22 04:50:53
Out-of-Bounds Read
2022-03-15 05:02:54
Denial Of Service (DoS)
2022-04-21 20:53:24
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2022-0924 affecting package libtiff 4.3.0-1
2022-04-26 20:17:07
CVE-2022-0562 affecting package libtiff 4.3.0-1
2022-04-26 20:17:07
CVE-2022-0562 affecting package libtiff 4.1.0-3
2022-04-07 06:04:01
Related for SUSE_SU-2022-1882-1.NASL