Package Release Info

tiff-4.0.9-45.5.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-480
Available in Package Hub: 15 SP4 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libtiff5-32bit
tiff

Change Logs

* Mon Jan 17 2022 mvetter@suse.com
- security update: Fix buffer overwrite
  * CVE-2019-17546[bsc#1154365]
    + tiff-CVE-2019-17546.patch
- security update: Fix heap based buffer overflow in pal2rgb
  * CVE-2017-17095[bsc#1071031]
    + tiff-CVE-2017-17095.patch
- security update: Fix OOB in _TIFFmemcpy
  * CVE-2022-22844[bsc#1194539]
    + tiff-CVE-2022-22844.patch
- security update: Fix memory allocation failure in tif_read.c
  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
    + tiff-CVE-2020-35521,CVE-2020-35522.patch
- security update: Fix DOS via invertImage()
  * CVE-2020-19131[bsc#1190312]
    + tiff-CVE-2020-19131.patch
- security update: Fix heap-based buffer overflow in TIFF2PDF tool
  * CVE-2020-35524[bsc#1182812]
    + tiff-CVE-2020-35524.patch
- security update: Fix integer overflow in tif_getimage
  * CVE-2020-35523 [bsc#1182811]
    + tiff-CVE-2020-35523.patch
Version: 4.0.9-150000.45.44.1
* Wed May 29 2024 mvetter@suse.com
- security update:
  * CVE-2023-3164 [bsc#1212233]
    Fix heap buffer overflow in tiffcrop
    + tiff-CVE-2023-3164.patch
Version: 4.0.9-150000.45.41.1
* Wed Mar 13 2024 mvetter@suse.com
- security update:
  * CVE-2023-40745[bsc#1214687] CVE-2023-41175[bsc#1214686] [bsc#1221187]
    CVE-2023-38288[bsc#1213590]
    Fix potential int overflow in raw2tiff.c and tiffcp.c
    Rename tiff-CVE-2023-38288.patch into
    tiff-CVE-2023-38288,CVE-2023-40745,CVE-2023-41175.patch
Version: 4.0.9-150000.45.38.1
* Fri Jan 26 2024 mvetter@suse.com
- security update:
  * CVE-2023-52356 [bsc#1219213]
    Fix segfault in TIFFReadRGBATileExt()
    + tiff-CVE-2023-52356.patch
Version: 4.0.9-150000.45.35.1
* Wed Dec 06 2023 mvetter@suse.com
- security update:
  * CVE-2023-2731 [bsc#1211478]
    Fix null pointer dereference in LZWDecode()
    This patch also contains a required commit which is marked
    to fix CVE-2022-1622 [bsc#1199483] but we are not vulnerable
    to that CVE because relevant code is not present.
    + tiff-CVE-2023-2731.patch
  * CVE-2023-26965 [bsc#1212398]
    Fix heap-based use after free in loadImage()
    + tiff-CVE-2023-26965.patch
  * CVE-2022-40090 [bsc#1214680]
    Fix infinite loop in TIFFReadDirectory()
    + tiff-CVE-2022-40090.patch
  * CVE-2023-1916 [bsc#1210231]
    Fix out-of-bounds read in extractImageSection()
    + tiff-CVE-2023-1916.patch
Version: 4.0.9-150000.45.32.1
* Mon Oct 30 2023 mvetter@suse.com
- security update:
  * CVE-2023-38289 [bsc#1213589]
    + tiff-CVE-2023-38289.patch
  * CVE-2023-38288 [bsc#1213590]
    + tiff-CVE-2023-38288.patch
  * CVE-2023-3576 [bsc#1213273]
    + tiff-CVE-2023-3576.patch
  * CVE-2020-18768 [bsc#1214574]
    + tiff-CVE-2020-18768.patch
  * CVE-2023-26966 [bsc#1212881]
    + tiff-CVE-2023-26966.patch
  * CVE-2023-3618 [bsc#1213274]
    + tiff-CVE-2023-3618.patch
  * CVE-2023-2908 [bsc#1212888]
    + tiff-CVE-2023-2908.patch
  * CVE-2023-3316 [bsc#1212535]
    + tiff-CVE-2023-3316.patch
Version: 4.0.9-150000.45.28.1
* Fri May 19 2023 mvetter@suse.com
- security update:
  * CVE-2023-0795 [bsc#1208226]
  * CVE-2023-0796 [bsc#1208227]
  * CVE-2023-0797 [bsc#1208228]
  * CVE-2023-0798 [bsc#1208229]
  * CVE-2023-0799 [bsc#1208230]
  * CVE-2023-25433 [bsc#1212883]
    + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
  * CVE-2023-0800 [bsc#1208231]
  * CVE-2023-0801 [bsc#1208232]
  * CVE-2023-0802 [bsc#1208233]
  * CVE-2023-0803 [bsc#1208234]
  * CVE-2023-0804 [bsc#1208236]
    + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
Version: 4.0.9-150000.45.8.1
* Fri May 06 2022 mvetter@suse.com
- security update
  * CVE-2022-0561 [bsc#1195964]
    + tiff-CVE-2022-0561.patch
  * CVE-2022-0562 [bsc#1195965]
    + tiff-CVE-2022-0562.patch
  * CVE-2022-0865 [bsc#1197066]
    + tiff-CVE-2022-0865.patch
  * CVE-2022-0909 [bsc#1197072]
    + tiff-CVE-2022-0909.patch
  * CVE-2022-0924 [bsc#1197073]
    + tiff-CVE-2022-0924.patch
  * CVE-2022-0908 [bsc#1197074]
    + tiff-CVE-2022-0908.patch
* Fri May 06 2022 mvetter@suse.com
- security update
  * CVE-2022-1056 [bsc#1197631]
  * CVE-2022-0891 [bsc#1197068]
    + tiff-CVE-2022-1056,CVE-2022-0891.patch
Version: 4.0.9-150000.45.25.1
* Thu Jan 26 2023 mvetter@suse.com
- security update:
  * CVE-2022-48281 [bsc#1207413]
    + tiff-CVE-2022-48281.patch
Version: 4.0.9-150000.45.22.1
* Fri Nov 18 2022 fstrba@suse.com
- security update:
  * CVE-2022-3570 [bsc#1205422]
  * CVE-2022-3598 [bsc#1204642]
    + tiff-CVE-2022-3598,3570.patch
Version: 4.0.9-150000.45.19.1
* Sun Nov 13 2022 mvetter@suse.com
- security update:
  * CVE-2022-3597 [bsc#1204641]
  * CVE-2022-3626 [bsc#1204644]
  * CVE-2022-3627 [bsc#1204645]
    + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
  * CVE-2022-3599 [bsc#1204643]
    + tiff-CVE-2022-3599.patch
  * CVE-2022-3970 [bsc#1205392]
    + tiff-CVE-2022-3970.patch
Version: 4.0.9-150000.45.16.1
* Mon Oct 17 2022 mvetter@suse.com
- security update:
  * CVE-2022-2519 [bsc#1202968]
  * CVE-2022-2520 [bsc#1202973]
  * CVE-2022-2521 [bsc#1202971]
    + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
  * CVE-2022-2867 [bsc#1202466]
  * CVE-2022-2868 [bsc#1202467]
  * CVE-2022-2869 [bsc#1202468]
    + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
* Wed Aug 03 2022 mvetter@suse.com
- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
  Rename tiff-CVE-2022-0561.patch to
  tiff-CVE-2022-0561,CVE-2022-34266.patch
  This CVE is actually a duplicate.
* Mon Aug 01 2022 mvetter@suse.com
- security update:
  * CVE-2022-34526 [bsc#1202026]
    + tiff-CVE-2022-34526.patch
Version: 4.0.9-150000.45.11.1
* Wed Jul 06 2022 mvetter@suse.com
- security update
  * CVE-2022-2056 [bsc#1201176]
  * CVE-2022-2057 [bsc#1201175]
  * CVE-2022-2058 [bsc#1201174]
    + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch