Lucene search

K
suseSuseSUSE-SU-2022:3690-1
HistoryOct 21, 2022 - 12:00 a.m.

Security update for tiff (important)

2022-10-2100:00:00
lists.opensuse.org
31
tiff
security update
vulnerabilities
installation
suse manager
opensuse leap
suse linux enterprise server
sap

EPSS

0.003

Percentile

68.1%

An update that fixes 9 vulnerabilities is now available.

Description:

This update for tiff fixes the following issues:

  • CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
  • CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
  • CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
  • CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c
    (bsc#1202466).
  • CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits()
    (bsc#1202467).
  • CVE-2022-2869: Fixed out of bounds read and write in
    extractContigSamples8bits() (bsc#1202468).
  • CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of
    Tiffsplit (bsc#1202026).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap Micro 5.2:

    zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3690=1

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3690=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3690=1

  • SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3690=1

  • SUSE Manager Retail Branch Server 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3690=1

  • SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3690=1

  • SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3690=1

  • SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3690=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3690=1

  • SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3690=1

  • SUSE Linux Enterprise Server 15-SP2-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3690=1

  • SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3690=1

  • SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3690=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3690=1

  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3690=1

  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3690=1

  • SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3690=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3690=1

  • SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3690=1

  • SUSE Linux Enterprise Micro 5.3:

    zypper in -t patch SUSE-SLE-Micro-5.3-2022-3690=1

  • SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1

  • SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2022-3690=1

  • SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-3690=1

  • SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform ‘skuba’ tool. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.

Rows per page:
1-10 of 911